SiteMinder Logout

Contents

Overview

When the Enterprise Gateway authenticates to CA SiteMinder on behalf of a user, SiteMinder can issue a single sign-on token as evidence of the authentication event. The token is eventually returned to the client, which can then use it in subsequent requests to the Enterprise Gateway.

Instead of authenticating the client against SiteMinder for every request, the Enterprise Gateway need only validate the token. If the token validates, the client can be considered authenticated. If the token does not validate, the client is not considered authenticated.

You can use the SiteMinder Logout filter to invalidate a single sign-on token that was previously issued by SiteMinder. When the token has been invalidated, the client is no longer be considered authenticated.

Note:
You must have already validated the session before calling the SiteMinder Logout filter in your circuit. For more details, see the SiteMinder Session Validation topic.

Prerequisites

CA SiteMinder integration requires CA SiteMinder SDK version 12.0-sp1-cr005 or later.

Enterprise Gateway
When adding third-party binaries to the Enterprise Gateway, you must perform the following steps:

  1. Add the binary files as follows:
    • Add .jar files to the InstallDir/ext/lib directory.
    • Add .dll files to the InstallDir\win32\lib directory.
    • Add .so files to the InstallDir/platform/lib directory.
  2. Restart the Enterprise Gateway.

Policy Studio
When adding third-party binaries to the Policy Studio, you must perform the following steps:

  1. Add .jar files to the InstallDir/plugins/thirdparty.runtime.dependencies_6.0.3 directory.
  2. Restart the Policy Studio.

Configuration

Enter a name for the filter in the Name field of the SiteMinder Logout screen.