An online service may receive identity attributes about its client through one of two interfaces – SiteMinder or SAML. The service can use this data to:
- Register or match its client’s identity information in its own system
- Determine what its client is authorized to access
- Provide information or services to the client
SiteMinder
SiteMinder is a product implemented as part of the government’s corporate identity information management system and is also part of the government’s enterprise security gateway.
Login requests are initiated when an individual requests to access a SiteMinder-protected web resource. This is commonly displayed to your client as a login or registration button on your online service’s website. The SiteMinder web agent in your online service’s web server communicates with the centrally-managed SiteMinder policy server to authenticate the individual.
If your online service is configured to use the BC Services Card, SiteMinder redirects your client to the authentication system’s login application, where they log in using their card and passcode. After a successful login, the Identity Assurance Service (IAS) provides the individual’s identifier and identity attributes to SiteMinder. SiteMinder then securely passes that data to your online service through the service’s SiteMinder web agent, in the form of HTTP header variables.
Security Assertion Markup Language (SAML)
SAML is an open data standard used for exchanging information about an individual between systems (including authentication for federation requests). It’s typically used in circumstances where SiteMinder is not supported.
Login requests are initiated when an individual requests access to a web resource. This is commonly displayed as a login or registration button. Your online service would be configured as a service provider and authorized to use the B.C. government’s SAML-based identity provider.
Your online service sends a login request to the IAS login application, which prompts the individual to log in using their BC Services Card and passcode. After a successful login, the authentication system provides the individual’s identifier and identity attributes to your online service in the format defined by the SAML 2.0 specification. The online service then validates the response (for example, by verifying its digital signature) before trusting its contents. The identity attributes are carried in an XML structure defined by the SAML 2.0 standard, known as an assertion.