Sun OpenSSO Enterprise 8.0 Integration Guide

Authentication and Authorization

SiteMinder supports several authentication schemes as part of its authentication framework. Authentication schemes provide a way to collect credentials and determine the identity of a user. The SiteMinder Credential Collector is an application within the web policy agent that gathers specific information about a user's credentials and then sends that information to the Policy Server. For form-based authentication, credentials are acquired by the Forms Credential Collector (FCC) process. The default extension for FCC files is .fcc. FCC process files are written in a simple mark-up language that combines HTML with some custom notation. The following steps describe a simple authentication flow for a form-based authentication scheme:

  1. A user requests a resource that is protected by a policy agent and contained in a realm. The realm is protected by an HTML form-based authentication scheme.

  2. SiteMinder contacts the Policy Server and determines that the user request must be redirected to the credential collector.

  3. The policy agent redirects to the URL of the Credential Collector file.

  4. The Credential Collector displays the form described in the .fcc file in the user's browser.

  5. The user fills out the custom form and submits it. The Credential Collector processes the credentials by submitting the form to the Policy Server.

  6. If the user is authenticated, Credential Collector creates a session cookie and sends it to the browser. The browser redirects the user to the resource that the user originally requested.

  7. The web policy agent handles user authorization by using the user's session.
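The seven-step flow above, modelled as an added example that is not code from the guide or from SiteMinder: a minimal policy agent, credential collector and Policy Server exchange messages in-process. The realm prefix, the .fcc location, the `SMSESSION` cookie name, the `TARGET` parameter and the user store are all assumptions chosen for illustration.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

USERS = {"alice": "correct horse"}           # constructed stand-in for the Policy Server's user directory
PROTECTED_REALM = "/protected/"              # assumed realm prefix protected by the form-based scheme
FCC_URL = "/siteminderagent/forms/login.fcc" # assumed collector location
SESSION_COOKIE = "SMSESSION"                 # assumed session cookie name

class PolicyServer:  # authenticates credentials (step 5) and answers authorization checks (step 7)
    def __init__(self):
        self.sessions = {}

    def authenticate(self, username, password):
        if USERS.get(username) != password:
            return None
        token = secrets.token_hex(16)        # step 6: a session exists only after success
        self.sessions[token] = username
        return token

    def is_authorized(self, token):
        return token in self.sessions

class WebAgent:  # policy agent: redirects to the collector (steps 2-3) or enforces the session (step 7)
    def __init__(self, server):
        self.server = server

    def handle(self, resource, cookies):
        if not resource.startswith(PROTECTED_REALM):
            return ("allow", resource)       # outside the realm: no credentials needed
        token = cookies.get(SESSION_COOKIE)
        if token is None:                    # steps 2-3: send the browser to the .fcc form
            return ("redirect", f"{FCC_URL}?{urlencode({'TARGET': resource})}")
        return ("allow" if self.server.is_authorized(token) else "deny", resource)

    def collect(self, form):                 # Credential Collector: posts the form (steps 5-6)
        token = self.server.authenticate(form["USER"], form["PASSWORD"])
        if token is None:
            return ("redirect", FCC_URL, {})  # failed login: back to the form, no cookie
        return ("redirect", form["TARGET"], {SESSION_COOKIE: token})

def run_flow(resource, username, password):  # drive one browser through steps 1-7
    agent = WebAgent(PolicyServer())
    kind, location = agent.handle(resource, {})
    if kind != "redirect":
        return kind
    target = parse_qs(urlparse(location).query)["TARGET"][0]
    _, location, cookies = agent.collect({"USER": username, "PASSWORD": password, "TARGET": target})
    return agent.handle(location, cookies)[0] if cookies else "deny"
```

Note that a cookie the Policy Server never issued is refused at step 7, and a failed login never produces a cookie at all, so the browser is simply returned to the form.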