Advanced Desktop Integration for CA SiteMinder™
Advanced Desktop Integration for SiteMinder extends the capabilities of Integrated Windows Authentication (IWA) beyond a pure Windows environment — providing a seamless fallback from IWA to custom forms-based authentication for SiteMinder-protected applications.
In the office, users can silently authenticate to protected applications based on their Windows authentication. Away from the office, Desktop Integration for SiteMinder displays a custom logon page for authentication. Users do not have to click an alternate URL or select a menu option; fallback happens automatically.
As an administrator, you define a single policy set enabling IWA authentication with fallback to HTML forms-based authentication.
Features
- Extended web browser support: Firefox, Chrome, and Internet Explorer
- Improved user experience
- Proven, standards-based technologies
- Simplified deployment
Comparison of CA Global Delivery IWA+Forms solution to IDF’s ADI solution.
| | CA GD Solution | IDF ADI Solution |
|---|---|---|
| Uses AJAX | No[i] | Yes |
| Supports Firefox | No | Yes |
| Supports Chrome | No | Yes[ii] |
| App container | IIS with ASP support installed | Any Java Servlet Container with any front-end web server + agent[iii] |
| Configurable | No | Yes – all needed parameters are configured via the deployment descriptor and/or SiteMinder responses |
| Allows apps to specify their own login forms | No | Yes – in addition to a default login form, each app protected using ADI can specify its own login form URL |
| Passes OWASP[iv] security scan | No – uses an open redirect relay vulnerable to XSS[v] | Yes – uses a closed, configurable redirect |
| Bypass IWA test by source IP | No | Yes – allows configuration of known source IP networks where IWA is supported |
| Bypass IWA test by OS | No | Yes – will only perform the IWA check for Windows platforms |
| Bypass IWA test for mobile devices | No | Yes – will not perform the IWA check from mobile devices |
| Tested with SM 6, R12, and R12.5 | Unknown | Yes – IDF is actively developing and maintaining this solution |

[i] The GD solution uses the MS ActiveX control, which predates AJAX and is deprecated by Microsoft after IE6.
[ii] Chrome briefly displays a non-modal dialog when IWA fails – this limitation is inherent in Chrome.
[iii] An IIS + agent is still required somewhere in the environment to provide the SM IWA challenge, e.g. /siteminderagent/ntlm/creds.ntc
[v] A redirect that allows the browser to specify any arbitrary target URL
Implementation
Desktop Integration for SiteMinder™ employs an Apache web server and Tomcat servlet engine. A streamlined deployment package is included. The application will take advantage of IWA and only display a logon page when IWA is not available.
For more information, please call us at 888-612-8820 or use our Web Contact Form