Anonymous Authentication Scheme in Cross Domain Single Sign On

Question asked by NeerajChase on Feb 17, 2015
Hi All,

I have a query related to the anonymous authentication scheme.

We have an environment where two applications are SiteMinder protected. App1 and App2 are in different domain spaces.


App1 URL: it is protected with form-based authentication.


App2 URL: it is protected with an anonymous authentication scheme. It has a cookie provider configured.

The CP cookie domain is the same as the App1 cookie domain.


Use case:

Now there is a situation where a user is logged in to App1 and accesses an anonymously protected URL in App2. Since the user is already logged in, SiteMinder should pass headers for the USER DN of the user who is already logged in rather than considering them an anonymous user.



Once logged in to App1 and moving to the anonymously protected URL, it is considering the user as an anonymous user, i.e. the App2 agent is not contacting the cookie provider and creating a local SMSESSION and then extracting the User DN and generating headers for this user. Rather, it is taking the user as an anonymous user.



Is this the expected behaviour, where, when moving cross-domain, the SMSESSION can't be utilized to evaluate headers for a user already logged in, for anonymous login?



When we log in to App1 and access a form-based protected page of App2 and then access the anonymously protected URL, it detects the correct user DN and generates proper headers. Is this how SiteMinder should work?


Let me know if anyone has any views on it.



Neeraj Tati