jah

jah

Committed updated version (SVN rev 1972) with logging updates, configurable Siteminder cookie name and 5 second connection timeout to Siteminder login URL.

jah

Not sure what you mean?

jah

The options are printed on line 119. Granted, they are the options passed to the module and not the ones that finally are effective but unless the option parsing is at fault then they should be the same.

jah

I think the current code wouldn't work either if SiteMinder domain is different than OpenAM domain. However, as long as OpenAM sees the SiteMinder cookie and can set such a cookie in the user's browser then I think it works.

jah

Under products/federation/openfm/integrations/siteminder. Took me a while to find it as well, I've always just used the code in the distribution zipfile.

jah

True. I just have no idea how such services would be created/configured and how this module would read the configuration from the service. Examples welcome...

jah

added bthalmayr to review CR-362

22 Feb
jah

For finding out what exactly has changed in the functionality it is probably best to look at the current siteminder integration code and this side by side. Some highlights and questions below:

  • FAMAuthScheme has become OpenAMAuthScheme
  • Logging has been changed from stdout to Debug
  • SiteMinder session is created by doing an HTTP request to a SiteMinder protected page (in SMSessionUtils) instead of doing it via SiteMinder AgentAPI.
  • Trusted hostname and encryption key are read from SiteMinder agent SmHost.conf instead of module properties. This allows running load balanced OpenAM servers.

  • Is there a way to keep the SiteMinder AgentAPI session running between authentications? Initializing the AgentAPI is relatively expensive/time consuming and it would be better to initialize the API once, keep it running in the background and just do the actual credential verification in the SMAuthModule.
  • The current SiteMinder integration code used the user DN as credentials. This creates inconsistencies between user logging in via SiteMinder login form vs. from OpenAM so I have switched from DN to username. However, I'm not entirely sure if my way of extracting the userid from the OpenAM universal ID is the right way of doing things (OpenAMAuthScheme line 244 onwards).
  • The SMCreateSessionPlugin uses a properties file to get the SiteMinder login URL. A better solution would be to have this somehow in the realm configuration but how? The AMPostAuthProcessInterface class methods don't get configuration information passed onto them upon initialization like SAML2ServiceProviderAdapter class does.
jah

started review CR-362

21 Feb
OPENAM-1096: Improved version of SiteMinder integration code
jah

Abandoned CR-361

21 Feb
jah

attached one file to OPENAM-957

08 Feb
Fixed IDPSSOFederate class
jah

created OPENAM-957, OPENAM-900, OPENAM-825

18 Nov 11