Admin-Siteminder

Siteminder authentication is enabled in src/www/ui/core-smauth.php.

This page captures an excellent email response written to one of our users who wished to customize Siteminder authentication in FOSSology. Names have been changed by request to protect their identity.

Dear Mr. Duck,

I’ve worked on the FOSSology integration with HP’s corporate Siteminder installation, so perhaps I can offer some help in troubleshooting this.

Each CA Siteminder installation is configured uniquely to suit the needs of the organization. So it’s fair to say that HP’s Siteminder service and the customer’s Siteminder service will not be set up identically.

The goal of the FOSSology siteminder plugin is to map a unique user identifier provided by SiteMinder (for example, a company-wide user name, or a unique email address) to a login name in FOSSology.

You already found the relevant code in common_auth.php:

    function siteminder_check() {
        if (isset($_SERVER['HTTP_SMUNIVERSALID'])) {
            // Unique identifier supplied by HP's SiteMinder service
            $SEA = $_SERVER['HTTP_SMUNIVERSALID'];
            return $SEA;
        }
    }

From this code, you can see that the HP-specific environment variable that HP’s siteminder service is providing is called ‘HTTP_SMUNIVERSALID’. With HP’s siteminder service, this provides the unique “simplified” HP email address (for example, ’). FOSSology uses this name to create a login for the user.

In the case of your customer, we need to select an appropriate unique identifier that is supplied by their Siteminder service to use as the login name in FOSSology. From the environment variables you provided:


    HTTP_SM_AUTHDIRNAMESPACE   LDAP:
    HTTP_SM_USER               donald
    HTTP_SM_USERDN             polarisuid=donald,dc=Internal, dc=Users, dc=Disney
    HTTP_SM_SERVERSESSIONID    /Umgu4UhUd3baFabXXoderbel4U=

It seems that HTTP_SM_USER may be a good choice, since it provides a concise username. It would be wise to verify with the customer that this username is unique across the organization, to avoid any login name collisions – that is, make sure that no two users have the same HTTP_SM_USER name.

Assuming this variable is appropriate, you would want to alter the code in common_auth.php to look like this:

    function siteminder_check() {
        if (isset($_SERVER['HTTP_SM_USER'])) {
            // Unique identifier supplied by the customer's SiteMinder service
            $SEA = $_SERVER['HTTP_SM_USER'];
            return $SEA;
        }
    }

Please let us know how this works, or if you need further guidance.

Cheers,
Goofy
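
The following is an added example, not part of the email above and not FOSSology's own code. It sketches one way to make the SiteMinder variable configurable, validate the value before it becomes a login name, and check a user list for the name collisions the email warns about. The function names, the preference list, the case-folding and the character policy are all assumptions, as is the premise that the SiteMinder web agent is the only path by which requests reach the application.

```php
<?php
// Added example, not FOSSology code. Function names, the variable
// preference list and the character policy are assumptions.

/**
 * Return a login name from the first usable SiteMinder variable in
 * $candidates, or null if none is set or none passes validation.
 */
function sm_login_from_server(array $server, array $candidates): ?string
{
    foreach ($candidates as $name) {
        if (!isset($server[$name]) || !is_string($server[$name])) {
            continue;
        }
        // Assumed: fold case so "Donald" and "donald" map to one login.
        $login = strtolower(trim($server[$name]));
        // Assumed policy: 1-64 characters of letters, digits, . _ @ -
        if (preg_match('/\A[a-z0-9._@-]{1,64}\z/', $login) === 1) {
            return $login;
        }
    }
    return null;
}

/** Group identifiers that collapse to the same login name. */
function sm_find_collisions(array $identifiers): array
{
    $seen = [];
    foreach ($identifiers as $id) {
        $seen[strtolower(trim($id))][] = $id;
    }
    // Keep only login names reached by more than one distinct identifier.
    return array_filter($seen, fn($ids) => count(array_unique($ids)) > 1);
}

// Constructed sample input modelled on the variables listed in the email.
$server = [
    'HTTP_SM_USER'   => 'Donald ',
    'HTTP_SM_USERDN' => 'polarisuid=donald,dc=Internal, dc=Users, dc=Disney',
];
// HP's variable is tried first, then the customer's.
var_dump(sm_login_from_server($server, ['HTTP_SMUNIVERSALID', 'HTTP_SM_USER']));

// Constructed user list, standing in for a directory export checked
// for uniqueness before rollout.
print_r(sm_find_collisions(['donald', 'Donald', 'daisy']));
```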