In an environment that includes resources located across multiple cookie domains, SiteMinder implements SSO across multiple cookie domains using a cookie provider. The cookie provider, which is a specially configured SiteMinderAgent, passes a cookie that contains the user?s identity and session information to other cookie domains in the SSO site. The user can then authenticate across the entire site. If the user?s browser is missing this cookie, the cookie provider sets it.
Within the SSO site, users are only challenged for identification upon their first attempt to access a resource. After they are authorized and authenticated, users can move freely between different realms that are protected by authentication schemes of an equal or lower protection level without re-entering their identification information.
Also, checkout Netegrity's WebSite for Case Studies at: http://www.netegrity.com
This was first published in December 2001