We have a requirement to leverage 2nd factor authentication capability that we have built using CA SiteMinder 12.52 SP1 and AuthMinder 7.0.1 integration.
We have a Microsoft based web application (e.g. App1) which is protected by ADFS 3.0 for a form based authentication (Username and Password). Our client wants the user to be redirected for a second factor authentication if the user is accessing the application from an external network (say Internet or any other Vendor network). Since the client has deployed an advanced authentication solution using CA SiteMinder and AuthMinder for Arcot OTP, they want to leverage the same solution for this requirement.
Step 1 - I am thinking to establish an IDP - SP relation between ADFS and SiteMinder, so that SiteMinder will consume the SAML2 assertion generated by ADFS, disambiguate the user, generate the SMSESSION and forward to a URL (say /adfs) protected with the Arcot OTP auth scheme.
Step 2 - I am thinking to do some scripting if required in the shimFinal.fcc (comes in Arcot integration) to prepare the final TARGET URL for the user to redirect to application.
1. Does anybody have experience in ADFS and SM federation trust configuration? I know there is a run book from CA but don't find that having detailed steps. Do I need to configure a resource protected with SAML2.0 AuthScheme for this?
2. Does anybody have integrated SiteMinder with AuthMinder for 2nd Factor, where the 1st factor is done by a third party IDP (ADFS in our case)? If yes, how did you handle the flow to redirect for the 2nd Factor?
Step 1 is looking good to me, and you can refer to the runbook below to complete the configuration.
SAP Portal Services
1. Does anybody have experience in ADFS and SM federation trust configuration? I know there is a run book from CA but don't find that having detailed steps. Do I need to configure a resource protected with SAML2.0 AuthScheme for this?
--> Please refer to the runbook below, which has complete details.
https://support.ca.com/phpdocs/1/8231/runbooks/CASM-ADFS_as_IDP_FederationRunbookCertification-ver1.0.pdf
One doubt: can we integrate CA SSO version 12.8 with ADFS on Windows Server 2016?