System - User Authentication

SiteMinder

This section allows sysadmins to enable single-signon integration with CA's eTrust SiteMinder authentication product.

Enabling the option causes MOVEit DMZ to begin watching for the SiteMinder-specific HTTP headers that indicate a user has already been authenticated by a SiteMinder Policy Server acting through a SiteMinder Web Agent. When such headers are present, MOVEit DMZ will automatically log the user on, without having to prompt the user for authentication credentials again. This allows DMZ to achieve true single-signon integration when operating in a SiteMinder environment.

To add an additional measure of security to MOVEit DMZ's communication with SiteMinder, a special shared secret will be automatically generated whenever this setting is enabled. In order for DMZ to trust the HTTP headers injected into the request by the SiteMinder Web Agent, a special header with the name HTTP_SM_MOVEITDMZ_SHAREDSECRET must be included with a value of this shared secret. Such a header can be configured as part of a Response object in SiteMinder. See the SiteMinder Integration page in the Advanced Topics section for more information about configuring a Response object.
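The trust decision described above, sketched as an added example; this is not MOVEit DMZ code, whose implementation is not shown on this page. The user header name `HTTP_SM_USER`, the function names and the secret format are assumptions; only `HTTP_SM_MOVEITDMZ_SHAREDSECRET` comes from the text.

```python
import hmac
import secrets

SECRET_HEADER = "HTTP_SM_MOVEITDMZ_SHAREDSECRET"  # name given on this page
USER_HEADER = "HTTP_SM_USER"  # assumption: SiteMinder's default user header


def generate_shared_secret() -> str:
    """Stand-in for the auto-generated secret; the real format is not documented here."""
    return secrets.token_urlsafe(32)


def siteminder_user(server_vars, shared_secret, enabled=True):
    """Return the pre-authenticated username, or None to fall back to the
    normal sign-on prompt."""
    if not enabled or not shared_secret:
        return None  # integration off, or no secret configured: trust nothing
    # Header names are case-insensitive; reject names that collide after folding.
    folded = {}
    for name, value in server_vars.items():
        key = name.upper()
        if key in folded:
            return None
        folded[key] = value
    presented = folded.get(SECRET_HEADER)
    user = (folded.get(USER_HEADER) or "").strip()
    if presented is None or not user:
        return None
    # Constant-time comparison so response timing does not leak the secret.
    if not hmac.compare_digest(presented.encode(), shared_secret.encode()):
        return None
    return user


if __name__ == "__main__":
    secret = generate_shared_secret()
    constructed_requests = [  # constructed sample input
        {USER_HEADER: "alice", SECRET_HEADER: secret},   # via Web Agent
        {USER_HEADER: "alice"},                          # user header only
        {USER_HEADER: "alice", SECRET_HEADER: "guess"},  # wrong secret
    ]
    for req in constructed_requests:
        print(siteminder_user(req, secret))
```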

Unique Usernames

The sysadmin can set whether a username can be used in one MOVEit DMZ organization only, or whether it can be used in multiple organizations.

Note that if you are using MOVEit Central, or scripts, to access MOVEit DMZ, this setting can affect the ability of existing MOVEit Central accounts and scripts to authenticate to MOVEit DMZ.

When a username is used in multiple organizations, authenticating the username becomes a bit more complicated. Normally, the appropriate organization will be automatically determined by checking cookies or matching host names, but in some cases it may require users to provide an organization name. To authenticate, the organization must be identified. This can be done by: