Web Interface - Settings - System - User Authentication

SiteMinder

This section allows sysadmins to enable single-signon integration with CA's eTrust SiteMinder authentication product.

settings_siteminder.png (16246 bytes)

Enabling the option causes MOVEit DMZ to begin watching for the SiteMinder-specific HTTP headers that indicate a user has already been authenticated by a SiteMinder Policy Server acting through a SiteMinder Web Agent. When such headers are present, MOVEit DMZ will automatically log the user on, without having to prompt the user for authentication credentials again. This allows DMZ to achieve true single-signon integration when operating in a SiteMinder environment.

To add an additional measure of security to MOVEit DMZ's communication with SiteMinder, a special shared secret will be automatically generated whenever this setting is enabled. In order for DMZ to trust the HTTP headers injected into the request by the SiteMinder Web Agent, a special header with the name "HTTP_SM_MOVEITDMZ_SHAREDSECRET" must be included with a value of this shared secret. Such a header can be configured as part of a Response object in SiteMinder. See the SiteMinder Integration page in the Advanced Topics section for more information about configuring a Response object.

Unique Usernames

The sysadmin can set whether a username can be used in one MOVEit DMZ organization only, or whether it can be used in multiple organizations.

settings_uniqueusernames.png (9696 bytes)