Passing SiteMinder Variable through Iframes

book

Article ID: 52885

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Does siteminder allow to pass variables and their values to IFRAMES pointing to unprotected pages, in order that those unprotected pages could use that variables? Example, I have a page build from www.a.com and www.b.com pages. www.b.com pages are delivered by a webserver without webagent.

Solution:

As for security reasons, SiteMinder encrypts user's informations, you do need webagent running on your second webserver to decrypt them. WebAgent mechanism allows to retreive variable values and pass them to web servers. More, the second domain b.com should be protected by SiteMinder too to pass identity. So, we recommand you to install webagent on the server which hold the domain b.com site.

The target iframe will not be able to retrieve information as the server is not running any webagent. SiteMinder will return original URL after authentication, that means that we won't be able to modify URL.

Environment

Release:
Component: SMPLC