Office Communicator Web Access SSO - what API to use to login an already authenticated user?

  • Question

  • We use CA's SiteMinder SSO product at the enterprise where I work and want to provide presence awareness on our SiteMinder protected websites. I will use the CWA AJAX SDK to make presence requests, but I still need to tackle the SSO part of it first.

    We have an instance of the CWA installed with the SiteMinder IIS module. So when I hit the CWA I get prompted to authenticate via HTTP AUTH, and after entering my creds I get sent to the CWA. SiteMinder populates an HTTP header (SM_USER) with the current username of the client. With this information I should be able to log in the user somehow, correct? However, I can't find any useful information in the documentation on how to accomplish this.

    I have written a C# HTTP Module that strips the username from the header, but I don't know what method to call to log in the user and generate the CWA-AuthTicket. Has anybody run into this before or have any ideas? Thanks!

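    /// <summary>
    /// HTTP module that signs a user in from the SiteMinder <c>SM_USER</c> request header.
    /// </summary>
    /// <remarks>
    /// The header value is taken as proof of identity without any further check. That is
    /// only sound if every request reaches this application through the SiteMinder agent;
    /// confirm for this deployment that the application cannot be reached on a path that
    /// bypasses the agent, because a client-supplied SM_USER value would then be accepted as-is.
    /// </remarks>
    public class SMAuthModule : IHttpModule, IRequiresSessionState
    {
        public SMAuthModule() { }

        /// <summary>Hooks the module into the request pipeline.</summary>
        /// <param name="app">The application whose PreRequestHandlerExecute event is subscribed to.</param>
        public void Init(HttpApplication app)
        {
            app.PreRequestHandlerExecute += new EventHandler(Application_PreRequestHandler);
        }

        /// <summary>Nothing to release; the module holds no resources.</summary>
        public void Dispose() { }

        /// <summary>
        /// Builds a principal from the SM_USER header and issues the forms-authentication
        /// redirect, or rejects the request when the header is missing or blank.
        /// </summary>
        /// <param name="sender">The event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        public void Application_PreRequestHandler(Object sender, EventArgs e)
        {
            HttpContext context = HttpContext.Current;

            /* Get SiteMinder userid from headers */
            string smUser = context.Request.Headers["SM_USER"];

            /* A blank header is treated like a missing one: it names no user. */
            if (smUser != null && smUser.Trim().Length > 0)
            {
                /* Create principal object (no roles are assigned here) */
                string[] roles = {};
                GenericIdentity webIdentity = new GenericIdentity(smUser, "Form");
                GenericPrincipal principal = new GenericPrincipal(webIdentity, roles);

                /* switch user */
                context.User = principal;
                Thread.CurrentPrincipal = principal;

                /* NOTE(review): this runs on every request that carries SM_USER, so each one
                   is answered with a redirect; confirm whether it should be limited to
                   requests that are not signed in yet. */
                System.Web.Security.FormsAuthentication.RedirectFromLoginPage(principal.Identity.Name, false);
            }
            else
            {
                /* Fail closed: report 403 and skip the handler, so the protected
                   resource is not executed after the denial message is written. */
                context.Response.StatusCode = 403;
                context.Response.Write("Access Denied");
                context.ApplicationInstance.CompleteRequest();
            }
        }
    }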

    Friday, March 6, 2009 5:04 PM