SiteMinder Single Sign On authentication

Note that SiteMinder Single Sign On was deprecated with the release of Transtream 8.34.0. See Authentication for alternative authentication modes.

Transtream App runtime users can be validated by SiteMinder Single Sign On. Authentication for Product Admin and Designer URLs will continue to use Forms Authentication regardless of the mode set. This cannot be changed. See Authentication for an overview and details of the other modes available.

SiteMinder is a centralized web access management system that authenticates users based on a defined user header. User validation is performed against policies and Active Directory data stores defined in SiteMinder. See your SiteMinder documentation for details on Single Sign On.

In Product Admin, on the Security tab, when Authentication Mode is set to Single Sign On, you have the following configuration:

Single Sign On requires custom headers to be sent as part of each request. These hold the detail that is then used to validate the request in SiteMinder.

The settings:

  • User Header Name. Mandatory. Default is HTTP_USERNAME. This header holds the user name that will be validated.
  • Group Header Name. Optional. Default is HTTP_GROUPMEMBERSHIP. This header can contain one or more user groups that the user is a member of. If omitted, then no groups are specifically associated with the user, and only groups read from Active Directory are used. If the header contains more than one group, use Group Delimiter to specify the character that separates them (you can only define one delimiter).
  • Anonymous User. Optional. A username to use when no value is found in the user header.
  • Anonymous Group. Optional. A group to associate with all users.
  • Active Directory Source. Default is Auto. Which security (Domain or Local) to use for Active Directory queries. Auto means use Domain if the server is a member of a Windows domain, otherwise use Local.
  • Active Directory Time Limit (secs). Optional. Default is unset (no limit). A limit on the duration of Active Directory queries. Records retrieved up to the limit are used, and the query is then terminated.
  • Active Directory Size Limit. Optional. Default is unset (no limit). The maximum number of records that can be returned.
  • Cache Active Directory Results. When enabled, results are cached. Caching improves performance as it reduces the number of Active Directory queries. However, changes to Active Directory membership will not be visible to the Transtream instance until the cache expires and is subsequently recached. The cache expires after 6 hours of inactivity.
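
How the header settings above combine into a user and group set can be modelled as follows. This is an added example, not Transtream or SiteMinder code: `SsoSettings`, `resolve_identity` and `sample_ad_groups` are hypothetical names, the `,` delimiter default and the rejection of a request with no user and no Anonymous User are assumptions, and the sample headers are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Mapping, Optional, Tuple


@dataclass(frozen=True)
class SsoSettings:
    """Mirrors the settings listed above; the two header-name defaults are from the page."""
    user_header: str = "HTTP_USERNAME"
    group_header: Optional[str] = "HTTP_GROUPMEMBERSHIP"
    group_delimiter: str = ","            # assumption: the page states no default
    anonymous_user: Optional[str] = None
    anonymous_group: Optional[str] = None


def resolve_identity(
    headers: Mapping[str, str],
    settings: SsoSettings,
    ad_groups: Callable[[str], Iterable[str]] = lambda user: (),
) -> Optional[Tuple[str, List[str]]]:
    """Return (user, sorted groups), or None when no user can be determined."""
    user = (headers.get(settings.user_header) or "").strip()
    if not user:
        # Anonymous User applies only when the user header carries no value.
        user = (settings.anonymous_user or "").strip()
    if not user:
        return None  # assumption: no header value and no Anonymous User means reject

    groups = set(ad_groups(user))  # hypothetical stand-in for the Active Directory query
    if settings.group_header:
        raw = headers.get(settings.group_header) or ""
        # Only one delimiter can be configured; drop empty and duplicate entries.
        groups.update(g.strip() for g in raw.split(settings.group_delimiter) if g.strip())
    if settings.anonymous_group:
        groups.add(settings.anonymous_group)  # associated with all users
    return user, sorted(groups)


# Constructed sample request headers and settings (not taken from a real deployment).
SAMPLE_HEADERS = {"HTTP_USERNAME": "jsmith", "HTTP_GROUPMEMBERSHIP": "Claims; Underwriters;;Claims"}
SAMPLE_SETTINGS = SsoSettings(group_delimiter=";", anonymous_user="guest", anonymous_group="Everyone")


def sample_ad_groups(user: str) -> List[str]:
    return ["Domain Users"] if user == "jsmith" else []


if __name__ == "__main__":
    print(resolve_identity(SAMPLE_HEADERS, SAMPLE_SETTINGS, sample_ad_groups))
    print(resolve_identity({}, SAMPLE_SETTINGS, sample_ad_groups))
```

The model takes the header values as delivered; per the page, validating the request behind them is done in SiteMinder.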
Article last edited 28 January 2020