What capabilities and features of SSO Zones are supported by Application Server Agent (ASA) R12.0 for Weblogic?

Document ID : KB000049338
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

With R12 SP2 CR01 the ASA for WebLogic has been enhanced to support its participation in a SiteMinder environment configured with the Security Zones feature. The ASA for WebLogic does not support all of the capabilities and features available in the SiteMinder Security Zones feature, but it can both create and process SiteMinder session cookies which have had the default prefix modified.

Which features of SSO Zones are supported at this moment by the Siteminder Web agent and the ASA?

Solution:

Please find a summary of the differences between Zones Support in SiteMinder Web Agent and ASA Agent below:

 

Web Agent

ASA Agent

How many zones are supported? As many as configured ONLY 1
How are security zones configured? Through ACO parameters: SSOZoneName and SSOTrustedZone Doesn't honour the ACO parameters. Instead, is configured directly into the application server, with steps given in the Readme.
Supports "Default" zone? Yes No. The ASA can only support a SINGLE zone. It is either the default SMSESSION zone, or a custom-configured zone, but not both.
Supports "Trusted" zone list? Yes No. ASA only supports a SINGLE zone.

Consider the diagram below from our Web Agent documentation: the ASA can only participate in either Zone A or Zone B. That is, it can create, accept and update a cookie labelled as ZONEASESSION or create, accept and update a cookie labelled as ZONEBSESSION, but it cannot do both, and so it cannot support Zone C.

Figure 1

In a setup with two zones, A and B, for example, where the user has logged into A, he will be re-challenged the first time he tries to access a resource in B. After that, he can navigate from A to B without being re-challenged, as long as the cookies have not expired.

If you need further clarification regarding this feature please contact Tech Support.