How to write the Agent API to enable SSO from Standard Agent

Article ID: 54844

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

An example of how to create a custom agent for SSO.

Environment

Release:
Component: SMSDK

Resolution


1. Login through a Custom Agent.

2. Login through a Standard Agent - the standard agent creates the SMCookie and the user then passes to the custom agent. The custom agent now needs code to get the SMCookie and pass this information to SiteMinder, following these instructions:
===================================================================
1. User logs in through the standard agent.
2. Standard agent authenticates the user by challenging the user for credentials through the login call.
3. SiteMinder creates the SMSESSION cookie in the user's browser and inserts the encrypted token containing session information.
4. User requests a resource protected by a custom agent.
5. The custom agent obtains the SMSESSION cookie from the user's request and extracts the token.
6. The custom agent passes the token to the method decodeSSOToken(). The method decodes the token and returns a subset of the token's attributes to the custom agent.
7. The custom agent obtains the session specification from the token and passes the session specification to login(). The login call validates the user without challenging the user for credentials.
8. User requests a resource protected by a standard SiteMinder agent.
9. The standard agent performs a login operation, which validates the user based on the contents of the SMSESSION cookie. The user is not challenged for credentials.
======================================================================

However, at point 7, the client doesn't understand how to get the information.

How can my client obtain the session specification from the token with the function "decodeSSOToken"? We can't find any output parameter that is the session spec.

How can my client pass the information to the function "login"? According to the SDK, login requires UserCredentials and SessionDef, but we don't have these if the custom agent retrieves the existing SMCookie.

=====================================================================
login(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al)

Performs session login or validates an existing session.
=====================================================================

Note: Only the SessionDef needs to be passed into the login method. Look for the SessionDef in the attribute list from the decodeSSOToken method: it is the attribute with ID 209 (int) inside that list.
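
One way to code steps 5 to 7 in Java, as an added example that is not from the original article or the SDK samples. The decodeSSOToken argument list, the TokenDescriptor and UserCredentials constructors, the AgentAPI.SUCCESS and AgentAPI.YES constants, and the public id, value and spec fields are assumptions recalled from the SiteMinder Java Agent API, so check them against your SDK's Javadoc. The names SsoTokenLogin and validate are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Enumeration;
import netegrity.siteminder.javaagent.*;

/** Added example: steps 5-7 of the flow, for an AgentAPI that is already initialized. */
public class SsoTokenLogin {
    // Attribute id given in the note above.
    static final int SESSION_SPEC_ATTR_ID = 209;

    /**
     * Validates the session carried in an SMSESSION cookie value without
     * challenging the user. Returns the SessionDef that was passed to login(),
     * or null when the token cannot be decoded, carries no attribute 209,
     * or login() does not accept it (fail closed).
     */
    public static SessionDef validate(AgentAPI api, String smsessionCookie, String clientIp,
                                      ResourceContextDef rcd, RealmDef rd) {
        if (smsessionCookie == null || smsessionCookie.isEmpty()) return null;

        // Step 6: decode the token; its attributes are written into 'attrs'.
        // Assumed signature: (token, descriptor, attrs, updateToken, updatedToken).
        TokenDescriptor td = new TokenDescriptor(0, false);
        AttributeList attrs = new AttributeList();
        StringBuffer updated = new StringBuffer();
        int decoded = api.decodeSSOToken(smsessionCookie, td, attrs, false, updated);
        if (decoded != AgentAPI.SUCCESS) return null;

        // Step 7a: find attribute 209 and copy its value into the SessionDef.
        SessionDef sd = new SessionDef();
        Enumeration<?> e = attrs.attributes();
        while (e.hasMoreElements()) {
            Attribute a = (Attribute) e.nextElement();
            if (a.id == SESSION_SPEC_ATTR_ID && a.value != null) {
                sd.spec = new String(a.value, StandardCharsets.UTF_8);
            }
        }
        if (sd.spec == null || sd.spec.isEmpty()) return null;

        // Step 7b: login() with the SessionDef only; the credentials object is
        // left empty (assumption), so the Policy Server validates the session.
        int rc = api.login(clientIp, rcd, rd, new UserCredentials(), sd, new AttributeList());
        return rc == AgentAPI.YES ? sd : null;
    }
}
```

The decoded attributes are not treated as proof of identity on their own: access is granted only when login() accepts the session specification.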