SharePoint 2007 and SiteMinder
Posted by pborovik on Stack Overflow
Published on 2012-12-06T11:01:29Z
Tags: sharepoint | siteminder
Here is a question regarding some details of how SiteMinder secures access to SharePoint 2007.
I've read a bunch of materials regarding this and have some picture for SharePoint 2010 FBA claims-based + SiteMinder security (can be wrong here, of course):
- SiteMinder is registered as a trusted identity provider for the SharePoint;
- It means (to my mind) that SharePoint has no need to go into all those user directories like AD, RDBMS or whatever to create a record for a user being granted access to SharePoint - instead it consumes a claims-based id supplied by SiteMinder
- SiteMinder checks all requests to SharePoint resources and starts a login sequence via SiteMinder if it does not find the required headers in the request (SMSESSION, etc.)
- SiteMinder creates a GenericIdentity with the user login name if headers are OK, so SharePoint recognizes the user as authenticated
But in the case of SharePoint 2007 with FBA + SiteMinder, I cannot find an answer for questions like:
- Does SharePoint need to go to all those user directories like AD to know something about users (as SiteMinder is not in charge of providing user info like claims-based ids)? So, the SharePoint admin should configure SharePoint FBA to talk to these sources?
- Let's say I'm talking to a Web Service of SharePoint protected by SiteMinder. Shall I make an Authentication.asmx->Login call to create an authentication ticket, or is this schema somehow changed by SiteMinder? If such a call is needed, do I also need a SiteMinder authentication sequence?
- What prevents me from rewriting request headers (say, manually in Fiddler) before posting the request to the SharePoint protected by SiteMinder to override its defence?
Pity, but I do not have access to a deployed SiteMinder + SharePoint, so I need to investigate some questions blindly. Thanks.
© Stack Overflow or respective owner