Remove From My Forums

Office Communicator Web Access SSO - what API to use to login an already authenticated user?

Question

We use CA's SiteMinder SSO product at the enterprise where I work and want to provide presence awareness on our SiteMinder protected websites. I will use the CWA AJAX SDK to make presence requests, but I still need to tackle the SSO part of it first.

We have an instance of the CWA installed with the SiteMinder IIS module. So when I hit the CWA I get prompted to authenticate via HTTP AUTH, and after entering my creds I get sent to the CWA. SiteMinder populates a HTTP header (SM_USER) with the current username of the client. With this information I should be able to login the user somehow correct? However I can't find any useful information in the documentation on how to accomplish this.

I have written a C# HTTP Module that strips the username from the header, but I don't know what method to call to login the user and generate the CWA-AuthTicket. Anybody run into this before or have any ideas? Thanks!

1    public class SMAuthModule : IHttpModule, IRequiresSessionState 
2    { 
3        public SMAuthModule() { } 
4 
5        public void Init(HttpApplication app) 
6        { 
7            app.PreRequestHandlerExecute += new EventHandler(Application_PreRequestHandler); 
8        } 
9 
10        public void Dispose() { } 
11 
12        public void Application_PreRequestHandler(Object sender, EventArgs e) 
13        { 
14            if (HttpContext.Current.Request.Headers["SM_USER"] != null) 
15            { 
16                /* Get SiteMinder userid from headers */ 
17                NameValueCollection coll = HttpContext.Current.Request.Headers; 
18                string smUser = coll["SM_USER"]; 
19 
20                /* Create principal object */ 
21                string[] roles = {}; 
22                GenericIdentity webIdentity = new GenericIdentity(smUser, "Form"); 
23                GenericPrincipal principal = new GenericPrincipal(webIdentity, roles); 
24 
25                /* switch user */ 
26                HttpContext.Current.User = principal; 
27                Thread.CurrentPrincipal = principal;            
28                System.Web.Security.FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name, false); 
29            } 
30            else 
31            { 
32                HttpApplication app = sender as HttpApplication; 
33                app.Context.Response.Write("Access Denied"); 
34            } 
35        } 
36    } 

Friday, March 6, 2009 5:04 PM

1	public class SMAuthModule : IHttpModule, IRequiresSessionState
2	{
3	public SMAuthModule() { }
4
5	public void Init(HttpApplication app)
6	{
7	app.PreRequestHandlerExecute += new EventHandler(Application_PreRequestHandler);
8	}
9
10	public void Dispose() { }
11
12	public void Application_PreRequestHandler(Object sender, EventArgs e)
13	{
14	if (HttpContext.Current.Request.Headers["SM_USER"] != null)
15	{
16	/* Get SiteMinder userid from headers */
17	NameValueCollection coll = HttpContext.Current.Request.Headers;
18	string smUser = coll["SM_USER"];
19
20	/* Create principal object */
21	string[] roles = {};
22	GenericIdentity webIdentity = new GenericIdentity(smUser, "Form");
23	GenericPrincipal principal = new GenericPrincipal(webIdentity, roles);
24
25	/* switch user */
26	HttpContext.Current.User = principal;
27	Thread.CurrentPrincipal = principal;
28	System.Web.Security.FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name, false);
29	}
30	else
31	{
32	HttpApplication app = sender as HttpApplication;
33	app.Context.Response.Write("Access Denied");
34	}
35	}
36	}

Asked by:

Office Communicator Web Access SSO - what API to use to login an already authenticated user?

Question