Friday, August 27, 2010

Siteminder - SSO between different trusted domains


a1.com and a2.net are two different companies that have merged (one took over the other), each with its own Windows domain.

- Users in a2.net want to SSO into the application app.a1.com/main.html in a1.com.
- a1.com and a2.net have a trust relationship between their Windows domains.

- app.a1.com is protected by Siteminder with the NTLM authentication scheme, which gives users in a1.com SSO into app.a1.com.
- a2.net users cannot use the same NTLM auth website ntlm.a1.com, because the NTLM credential collector can serve only one Windows domain.

So we create an NTLM website at ntlm.a2.net and protect it using the policy server in a1.com. Since both domains trust each other, the user can log in to the a2.net NTLM site and gets an SMSESSION cookie for a2.net. The browser will never send that cookie to app.a1.com, though; we need a cookie for a1.com. This is where the CookieProvider helps: a cookie-provider agent in a1.com sets the matching a1.com SMSESSION cookie as part of the redirect chain.

- If anonymous access is enabled anywhere on ntlm.a2.net, make sure the user is still verified against the AD in a1.com; otherwise a session can be issued for an account the policy server never looked up.

Sequence below:

- A user in a2.net requests app.a1.com/redirect.html.
- The CookieProvider site in a1.com also takes part in the flow.
- app.a1.com redirects the browser to ntlm.a2.net/redirect.html.
- ntlm.a2.net is protected by the NTLM auth scheme; the credential collector is ntlm.a2.net/siteminderagent/ntlm/smntlm.ntc.
- Because the ntlm.a2.net server is in the a2.net domain, the SMSESSION cookie it sets is scoped to a2.net.
- Because the CookieProvider in a1.com is involved, an a1.com cookie is created as well.
- The user now holds both the a1.com and the a2.net cookies.
- After authentication, ntlm.a2.net/redirect.html redirects to app.a1.com/main.html, and that request carries the a1.com cookie.
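The redirect chain above, as a small runnable model added here (this is not the post's own code, nor SiteMinder's code or wire protocol). It shows why the a2.net cookie alone never reaches app.a1.com, how the cookie-provider hop creates the a1.com cookie, and the one check a practitioner should insist on: since the session token travels in the redirect URL, the cookie provider must refuse to redirect to a host outside the trusted domains. The cookie-provider hostname sso.a1.com, the query-parameter names, the token format and the sample users are assumptions for illustration.

```python
"""Model of the cross-domain SSO redirect chain described above.
The host sso.a1.com, the query-parameter names and the session-token format
are assumptions for illustration; this is not SiteMinder's code or protocol."""
import secrets
from urllib.parse import urlsplit, urlencode, parse_qs

TRUSTED_DOMAINS = {"a1.com", "a2.net"}           # cookie domains of the merged companies
COOKIE_PROVIDER = "https://sso.a1.com/siteminderagent/SmMakeCookie.ccc"  # assumed host
MAIN_PAGE = "https://app.a1.com/main.html"


def cookie_domain(host):
    """Web-agent cookie domain is the host's parent: app.a1.com -> a1.com."""
    return host.split(".", 1)[-1]


class Browser:
    """Cookie jar with RFC 6265-style domain matching, plus a redirect follower."""

    def __init__(self, user):
        self.user = user          # constructed, e.g. {"sam": "jdoe", "windows_domain": "a2.net"}
        self.jar = {}             # (cookie_domain, cookie_name) -> value

    def cookies_for(self, host):
        # A cookie for a2.net is sent to ntlm.a2.net but never to app.a1.com.
        return {n: v for (d, n), v in self.jar.items()
                if host == d or host.endswith("." + d)}

    def get(self, url, max_hops=10):
        for _ in range(max_hops):
            host = urlsplit(url).hostname
            status, headers, body = ROUTES[host](url, self.cookies_for(host), self.user)
            for d, n, v in headers.get("set-cookie", []):
                self.jar[(d, n)] = v
            if status != 302:
                return url, status, body
            url = headers["location"]
        raise RuntimeError("redirect loop")


def redirect(location, set_cookie=()):
    return 302, {"location": location, "set-cookie": list(set_cookie)}, ""


def query(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


# app.a1.com: web agent whose cookie domain is a1.com
def app_a1(url, cookies, user):
    path = urlsplit(url).path
    if path == "/redirect.html":          # entry page that sends a2.net users to the NTLM site
        return redirect("https://ntlm.a2.net/redirect.html")
    if "SMSESSION" in cookies:            # protected main.html, a1.com cookie present
        return 200, {}, "main.html for " + cookies["SMSESSION"].split(":")[0]
    return 401, {}, "no a1.com session"


# ntlm.a2.net: NTLM auth scheme, web agent whose cookie domain is a2.net
def ntlm_a2(url, cookies, user):
    set_cookie = []
    if "SMSESSION" not in cookies:
        # Simulated NTLM handshake: only accounts from trusted Windows domains succeed.
        if user["windows_domain"] not in TRUSTED_DOMAINS:
            return 401, {}, "NTLM authentication failed"
        token = f"{user['windows_domain']}\\{user['sam']}:{secrets.token_hex(8)}"
        cookies = {"SMSESSION": token}
        set_cookie.append(("a2.net", "SMSESSION", token))
    # The a2.net cookie alone is useless to app.a1.com, so hand the session to the
    # cookie provider in a1.com, which will set the a1.com cookie and forward the user.
    return redirect(COOKIE_PROVIDER + "?" + urlencode(
        {"SMSESSION": cookies["SMSESSION"], "TARGET": MAIN_PAGE}), set_cookie)


# sso.a1.com: cookie provider in the master domain a1.com
def cookie_provider(url, cookies, user):
    q = query(url)
    target_host = urlsplit(q.get("TARGET", "")).hostname or ""
    # The session token is in the URL here, so the redirect target must stay inside
    # the trusted domains; an open redirect would hand the bearer token to anyone.
    if cookie_domain(target_host) not in TRUSTED_DOMAINS:
        return 400, {}, "target domain not trusted"
    return redirect(q["TARGET"], [("a1.com", "SMSESSION", q["SMSESSION"])])


ROUTES = {"app.a1.com": app_a1, "ntlm.a2.net": ntlm_a2, "sso.a1.com": cookie_provider}


def sso_login(user, start="https://app.a1.com/redirect.html"):
    """Run the whole chain from the entry page; return (final_url, status, body, jar)."""
    b = Browser(user)
    url, status, body = b.get(start)
    return url, status, body, b.jar


if __name__ == "__main__":
    print(sso_login({"sam": "jdoe", "windows_domain": "a2.net"}))
```

Running it for an a2.net user ends on app.a1.com/main.html with status 200 and the same session value stored under both cookie domains; an account from an untrusted domain is stopped at the NTLM hop with no cookie issued, and a cookie-provider request whose TARGET points outside a1.com/a2.net is rejected before any redirect.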
