MyTechReference - Technical Notes


by IDAMGroup

CA Siteminder SSO Security Zones

SSO Security Zones

Creating single sign-on security zones within the same cookie domain to represent it as multiple cookie domain. As a result, users can have single sign-on within the same zone, but may be re-challenged when entering a different zone

 

Cookies affected by this Security Zones

SiteMinder uses state cookies to manage the various events surrounding authentication and authorization. All of these cookies by default begin with the default single sign-on security zone prefix SM. If a new single sign-on zone name is specified, then these cookies are also named to reflect the specified non-default zone name. Below is a list of cookies that are affected by defining a new single sign-on zone:

  • SMCHALLENGE
  • SMDATA
  • SMIDENTITY
  • SMONDENIEDREDIR
  • SMSESSION
  • SMTRYNO

If a zone name of Z1 is specified, for example, the Web Agent begins creating Z1CHALLENGE=YES cookies for Basic authentication

 

  • Z1SESSION
  • Z1IDENTITY
  • Z1DATA
  • Z1TRYNO
  • Z1CHALLENGE
  • Z1ONDENIEDREDIR

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.