Behind the request to a server protected by SiteMinder
Two modes for deploying SiteMinder
- Proxy server
- Agent configuration: install software on the web server
What happens when a user makes a request
The following steps occur when a user tries to access a protected resource on a web server configured to use SiteMinder authentication:
- The user requests a resource on the server via an HTTP connection.
- When the web server receives the request, it is intercepted by the SiteMinder web agent.
- The web agent determines whether or not the resource is protected, and if so, gathers the user’s credentials and passes them to the Policy server.
- The Policy server authenticates the user and verifies whether or not the authenticated user is authorized for the requested resource, based on rules and policies contained in the Policy store.
- After the user is authenticated and authorized, the Policy server grants access to the protected resources.
<img src='http://www.codeproject.com/KB/IP/SiteminderHttpWebRequest/smfig1.jpg' alt='Request Flow' />
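
The steps above can be modeled as an enforcement point (the web agent) that defers every decision to a decision point (the Policy server). The following Python sketch is an added example, not SiteMinder code or its API: the class names, the `/payroll/` realm, the users and the HTTP status codes returned are all assumptions chosen to show how "not protected", "not authenticated" and "not authorized" are distinct outcomes.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PolicyServer:
    """Decision point: holds the policy store, authenticates and authorizes."""
    def __init__(self):
        self.users = {}     # user -> (salt, password hash)
        self.policies = {}  # protected path prefix (realm) -> users allowed

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))

    def protecting_realm(self, path):
        # Assumes path is already normalized (no "..", no encoding tricks).
        return next((p for p in self.policies if path.startswith(p)), None)

    def authenticate(self, user, password):
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def authorize(self, user, realm):
        return user in self.policies[realm]

class WebAgent:
    """Enforcement point: intercepts each request before the web server."""
    def __init__(self, policy_server):
        self.ps = policy_server

    def handle(self, path, credentials=None):
        realm = self.ps.protecting_realm(path)
        if realm is None:
            return 200, "not protected, passed to web server"
        if credentials is None or not self.ps.authenticate(*credentials):
            return 401, "credentials required or rejected"
        if not self.ps.authorize(credentials[0], realm):
            return 403, "authenticated but not authorized"
        return 200, "access granted"

def build_demo():
    ps = PolicyServer()
    ps.add_user("alice", "correct horse")   # constructed sample users
    ps.add_user("bob", "battery staple")
    ps.policies["/payroll/"] = {"alice"}    # constructed sample policy
    return WebAgent(ps)
```

Calling `build_demo().handle("/payroll/report", ("bob", "battery staple"))` returns a 403: bob authenticates successfully but the policy for the realm does not list him.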