Hi,
We have a new requirement which is to integrate siteminder to protect mobile apps. I have gone through the documentation by CA which is Implementing Siteminder Authentication for Mobile Apps and here are my few questions.
1. As per the doc, we can use the existing Sitemiinder Infrastructure which is webagent or Secure Proxy Server and deploy Siteminder Authentication kit to do the needful. If we go ahead with the siteminder webagent route, the only possibility will be to have SMSESSION Cookies which are of 2 KB size and this would def be a disadvantage. Is this correct?
2. To my understanding the Siteminder Authentication kit would be deployed on an exisitng Siteminder Agent? In other words, do we need to have an siteminder agent and then deploy the authentication kit on top of it?
3. The SPS sounds likea better option which supports mini-cookies or SSL_ID session schemes which produce cookies of 10-byte size which sounds much better. Are there any disadvantages if we go ahead with SPS option?
4. Does this soultion support only Basic Authentication? If yes, is it secure enough?
5. Does SPS require a separate license? We already have siteminder license.
6. When we go with SPS route, there are 3 files deployed on sps_home/sma and 3 files deployed on webserver_home? Does the webserver_home means a separate webserver all together or can those files be deployed on the httpd instance which comes inbulit with the SPS?
7. Also any more documentation in reference to Siteminder Intrgration with mobile apps will be much useful ( Ihave gone through the pre release document..is there any other document release officially by CA)
Thanks in advance