When the Enterprise Gateway authenticates to CA SiteMinder on behalf of a user,
SiteMinder can issue a single sign-on token as
evidence of the authentication event. The token is eventually returned
to the client, which can then use it in subsequent requests to the Enterprise Gateway.
Instead of authenticating the client against SiteMinder for every
request, the Enterprise Gateway need only validate the token. If the token
validates, the client can be considered authenticated. If the token
does not validate, the client is not considered authenticated.
You can use the SiteMinder Logout filter to invalidate a
single sign-on token that was previously issued by SiteMinder. When the
token has been invalidated, the client is no longer considered
authenticated.
Note:
You must have already validated the session before calling the SiteMinder
Logout filter in your circuit. For more details, see the
SiteMinder Session Validation
topic.