Previous Topic

Next Topic

Book Contents

Book Index

System - User Authentication

SiteMinder

This section allows sysadmins to enable single-signon integration with CA's eTrust SiteMinder authentication product.

Embedded OLE File Template, D75, H100

Enabling the option causes MOVEit Transfer to begin watching for the SiteMinder-specific HTTP headers that indicate a user has already been authenticated by a SiteMinder Policy Server acting through a SiteMinder Web Agent. When such headers are present, MOVEit Transfer will automatically log the user on, without having to prompt the user for authentication credentials again. This allows MOVEit Transfer to achieve true single-signon integration when operating in a SiteMinder environment.

To add an additional measure of security to the communication between MOVEit Transfer and SiteMinder, a special shared secret will be automatically generated whenever this setting is enabled. In order for MOVEit Transfer to trust the HTTP headers injected into the request by the SiteMinder Web Agent, a special header with the name HTTP_SM_MOVEITDMZ_SHAREDSECRET must be included with a value of this shared secret. Such a header can be configured as part of a Response object in SiteMinder. See the SiteMinder Integration page in the Advanced Topics section for more information about configuring a Response object.

Unique Usernames

The sysadmin can set whether a username can be used in only one MOVEit Transfer organization, or in multiple organizations.

Embedded OLE File Template, D75, H100

If you are using MOVEit Automation or scripts to access MOVEit Transfer, this setting can affect the ability of existing MOVEit Automation accounts and scripts to authenticate to MOVEit Transfer.

When a username is used in multiple organizations, authenticating the username becomes a bit more complicated. Normally, the appropriate organization will be automatically determined by checking cookies or matching host names, but in some cases it may require users to provide an organization name. To authenticate, the organization must be identified. This can be done by: