We use CA's SiteMinder SSO product at the enterprise where I work and want to provide presence awareness on our SiteMinder protected websites. I will use the CWA AJAX SDK to make presence requests, but I still need to tackle the SSO part of it first.
We have an instance of the CWA installed with the SiteMinder IIS module. So when I hit the CWA I get prompted to authenticate via HTTP AUTH, and after entering my creds I get sent to the CWA. SiteMinder populates an HTTP header (SM_USER) with the current username of the client. With this information I should be able to log the user in somehow, correct? However, I can't find any useful information in the documentation on how to accomplish this.
I have written a C# HTTP Module that reads the username from the header, but I don't know what method to call to log the user in and generate the CWA-AuthTicket. Has anybody run into this before, or does anyone have any ideas? Thanks!
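/// <summary>
/// ASP.NET HTTP module that turns the SiteMinder-supplied SM_USER request
/// header into the current principal before the request handler runs.
/// </summary>
/// <remarks>
/// The identity comes from a plain request header, so it is only as
/// trustworthy as the path the request took. This module assumes the
/// SiteMinder agent sets SM_USER on every route to the application and that a
/// client-supplied copy of the header cannot reach it (confirm for the
/// deployment; nothing in this class verifies it).
/// </remarks>
public class SMAuthModule : IHttpModule, IRequiresSessionState
{
    /// <summary>Request header read for the authenticated user name.</summary>
    private const string SiteMinderUserHeader = "SM_USER";

    public SMAuthModule() { }

    /// <summary>Subscribes the module to PreRequestHandlerExecute.</summary>
    /// <param name="app">The application instance raising pipeline events.</param>
    public void Init(HttpApplication app)
    {
        app.PreRequestHandlerExecute += new EventHandler(Application_PreRequestHandler);
    }

    /// <summary>Nothing to release; the module holds no resources.</summary>
    public void Dispose() { }

    /// <summary>
    /// Builds a principal from SM_USER and assigns it to the request and the
    /// current thread, or rejects the request when the header is absent.
    /// </summary>
    /// <param name="sender">The application raising the event (not used).</param>
    /// <param name="e">Event data (not used).</param>
    public void Application_PreRequestHandler(Object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        string smUser = context.Request.Headers[SiteMinderUserHeader];

        // A missing, empty or blank header is treated as "not authenticated".
        // An empty name would otherwise yield an unauthenticated GenericIdentity
        // that still flows into the forms-authentication call below.
        if (string.IsNullOrEmpty(smUser) || smUser.Trim().Length == 0)
        {
            // Writing the message alone does not stop the pipeline: set a
            // failure status and complete the request so the protected
            // handler never executes for a request without an identity.
            context.Response.StatusCode = 403;
            context.Response.Write("Access Denied");
            context.ApplicationInstance.CompleteRequest();
            return;
        }

        /* Create principal object (no roles are assigned here) */
        string[] roles = {};
        GenericIdentity webIdentity = new GenericIdentity(smUser, "Form");
        GenericPrincipal principal = new GenericPrincipal(webIdentity, roles);

        /* switch user */
        context.User = principal;
        Thread.CurrentPrincipal = principal;

        // Issues a non-persistent forms-authentication ticket for the name and
        // redirects to the return URL.
        // NOTE(review): this runs on every request that carries the header, and
        // the ticket it issues is accepted on later requests independently of
        // SM_USER. Confirm that is the intended session lifetime and that the
        // redirect cannot loop.
        System.Web.Security.FormsAuthentication.RedirectFromLoginPage(context.User.Identity.Name, false);
    }
}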