Hello All,
We have a requirement to leverage the 2nd factor authentication capability that we have built
using CA SiteMinder 12.52 SP1 and AuthMinder 7.0.1 integration.
Scenario
We have a Microsoft based web application (e.g. App1) which is protected by ADFS 3.0 with
form-based authentication (Username and Password). Our client wants the user
to be redirected for a second factor authentication if the user is accessing
the application from an external network (say the Internet or any other vendor
network). Since the client has deployed an advanced authentication solution using
CA SiteMinder and AuthMinder for Arcot OTP, they want to leverage the same
solution for this requirement.
Solution Approach
Step 1 - I am thinking of establishing an IDP - SP relationship between ADFS and SiteMinder, so that
SiteMinder will consume the SAML2 assertion generated by ADFS, disambiguate the
user, generate the SMSESSION and forward to a URL (say /adfs) protected with the
Arcot OTP auth scheme.
Step 2 - I am thinking of doing some scripting, if required, in shimFinal.fcc (which comes with the Arcot
integration) to prepare the final TARGET URL for redirecting the user to the
application.
Questions
1. Does anybody have experience in ADFS and SM federation trust configuration? I know
there is a run book from CA, but I don't find that it has detailed steps. Do I need
to configure a resource protected with the SAML2.0 AuthScheme for this?
2. Has anybody integrated SiteMinder with AuthMinder for the 2nd Factor, where the
1st factor is done by a third-party IDP (ADFS in our case)? If yes, how did you
handle the flow to redirect for the 2nd Factor?
Thanks,
Rajeeb