The user authentication and authorization component of an access management suite from Netegrity (www.netegrity.com), a division of Computer Associates. SiteMinder provides policy-based authentication as well as single sign-on for all Web-based applications. SiteMinder is used in conjunction with IdentityMinder, which manages detailed user profiles, and TransactionMinder, which provides access to Web services.
The SM Web Agent installed on the Web Server is designed to intercept all traffic and checks to see if the resource request is...
Protected by SiteMinder
If the User has a valid SMSESSION (i.e. is Authenticated)
If 1 and 2 are true, then the WA checks the Siteminder Policy Server to see if the user is Authorized to access the requested resource.
To ensure that you don't have HTTP Header injections of user info, the SiteMinder WebAgent will rewrite all the SiteMinder specific HTTP Header information. Essentially, this means you can "trust" the SM_ info the WebAgent is presenting about the user since it is created by the Web Agent on the server and not part of the incoming request.
The user authentication and authorization component of an access management suite from Netegrity (www.netegrity.com), a division of Computer Associates. SiteMinder provides policy-based authentication as well as single sign-on for all Web-based applications. SiteMinder is used in conjunction with IdentityMinder, which manages detailed user profiles, and TransactionMinder, which provides access to Web services.
