We have a client requirement wherein we need to protect a desktop based application(.exe developed using .Net) using CA SiteMinder. Currently, they are using some internal code for generating the security token which is being stored in database. This token is then passed to webservice which user tries to access and the validation done against the database.
Since this Security token code is vulnerable for security attacks they want it to be replaced with CA SiteMinder SMSESSION.
I checked with them and I don't see any webserver in place at their where we can install the SIteMinder webagent to generate SMSESSION.
Can you please advise what approach we need to follow to address this requirement with or without webserver in place? Also, we need to achive the IWA in this.
I appreciate your quick help in this.
have you tried using the SDK to create something custom?
I have never used SDK for any custom implementation.
As i have never seen CA do a desktop agent, this might be your best approach outside of CA Professional Services.
SiteMinder can protect ONLY web based application. It can't protect desktop application.
You can probably have a look at CA ControlMinder that has the capability to protect desktop app.