Gone are the days when you built a home-made authentication system into your application! Now, access management software does this job, and does it well. It avoids many headaches with security threats or architecture omissions.
Here is the complete method to protect your websites hosted on Apache HTTP Server with Siteminder.
Siteminder Agent for Sharepoint is quite a complicated product to implement. Sometimes it throws an error in your face with no further clues, leaving you stuck for a long time with an unsolved bug.
It happened to me with the error “Certificate not Verified”. First, Tomcat will show you an Internal 500 error. When you look at the web agent trace log, you’ll be able to see the error “Certificate not verified”.
The claim web service on Siteminder Agent for Sharepoint has to be requested by the people picker in Sharepoint to retrieve a list of users for assigning permissions.
By default, this web service is open to everyone, along with all the information in it: details about all the users in your Siteminder User Directory.
Luckily, you can protect it with SSL client authentication, because you may not want to give everyone in your company access to a list of users.
Some companies have multiple top-level domains or multiple domains in their infrastructure. For example, mycompany.net for internal use and mycompany.com for public URLs.
Sometimes you have just bought a company and want to integrate it into your Siteminder, but all its URLs are in a different domain and you want to keep your SSO.
You will very quickly face a problem with your SMSESSION cookie being in the wrong domain. Here is how to avoid this trouble.
If you have an Active Directory in your infrastructure and you have integrated Siteminder with it, it can be great to use Integrated Windows Authentication (aka IWA) to authenticate automatically.
Siteminder has built-in IWA that works with your Windows authentication. You just have to use an agent on a Windows Server, and then you can authenticate your users with IWA on, for example, Linux/Unix servers.