I have created a custom authentication scheme to bypass the login page of an application. I would like to know what values should be given for the following fields: Library and Parameter.
As per the requirement, I need to collect the browser request cookie (e.g., values of JSESSIONID) and pass it as a parameter to the authenticate() function, and also pass the environment, such as 'dev', 'uat', etc., as a parameter to the init() function.
Is this possible through a custom authentication scheme?
Regarding the Library and Parameter,
- The library name is always smjavaapi.
- In the parameter field, the first item must be the name of the custom class you implemented with the Authentication API or Authorization API, as follows:
With authentication schemes, specify the name of the class you implemented from the base interface SmAuthScheme. The class name should include the fully qualified package name, such as: com.myorg.sdk.myclass
Java Authentication and Authorization Guidance - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
A Custom Authentication Scheme is tied with the User directory and functions on the Policy Server side, not on the Web application/Web Agent side. So, passing such a value of JSESSIONID to the Policy Server might need more consideration or consultation… It would be better to look into the SDK sample “javaauthapi” to see how a Custom Authentication Scheme will work.
Here is a diagram excerpted from “Programming Guide for Java”.
As for the Java Authentication Scheme, you may refer to the following as well.
(1) Custom Authentication Scheme Creation Using Java - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
(2) TEC559203 - How to run the java custom authentication scheme provided with the sample SDK.
I hope this would help.
Hi Koichi,
Thank you for the valuable advice. I have attached here a snapshot of the request cookie from the browser.
We want to collect "ut_authn" from the request cookie and pass it to the authenticate() method using a custom authentication scheme.
Could you please tell us if there is any possibility to collect this ut_authn from the browser or from the web agent and pass it as a parameter in a custom authentication scheme?
Regarding your collecting "ut_authn" and passing it to your Custom Authentication Scheme, the documentation on normal HTML Forms Authentication could help.
Configure HTML Forms Authentication - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
In particular, it also explains the Custom Authentication Scheme as follows.
The user name and password data that the FCC collects are passed to the Policy Server, which passes them to the authentication scheme library.
Unless back-end mapping is required, the SmAuthHTML authentication scheme library can be used. SmAuthHTML is distributed with the Policy Server and already installed on the Policy Server system.
If you write a custom authentication scheme and you want to gather more data than the user name and password, the FCC must pack that data into the user name and password fields. These fields must be fewer than 511 characters long. The custom authentication scheme library must then be able to unpack the data and map it to the user name and password.
The FCC can be installed on the same system as the Policy Server.
As per the above documentation, if you could pass your "ut_authn" data by packing it into the password field in the FCC, your Custom Authentication Scheme on the Policy Server side could retrieve it with the getPassword() method of the UserCredentialsContext class and unpack the data.
It would also need:
The redirection URL can be set by setResponseBuffer() method in query(). And, as for such custom login page, below document is really useful.
Custom Login Page
But, if they would not answer you, as the question is regarding customization and development, it seems that you had better contact an appropriate person such as your Account manager or CA Services.
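The packing and unpacking described in the quoted documentation, as an added example that is not part of the thread or of CA's SDK. It uses no SiteMinder classes; the class name `PackedCredential`, the `<length>:<password><token>` layout and the token alphabet are assumptions made for illustration.

```java
import java.util.Optional;

/** Added illustration; the "<len>:<password><token>" layout is an assumption, not a CA format. */
public final class PackedCredential {
    // The documentation quoted above requires fewer than 511 characters per field.
    static final int MAX_FIELD_CHARS = 510;
    final String password;
    final String token;

    private PackedCredential(String password, String token) {
        this.password = password;
        this.token = token;
    }

    // Login-page (FCC) side: the length prefix keeps a ':' inside the password unambiguous.
    static String pack(String password, String token) {
        String packed = password.length() + ":" + password + token;
        if (packed.length() > MAX_FIELD_CHARS) {
            throw new IllegalArgumentException("packed field exceeds " + MAX_FIELD_CHARS + " characters");
        }
        return packed;
    }

    // Policy Server side: 'field' stands for the string the scheme reads from the password field.
    // Everything in it is browser-supplied, so malformed input yields empty instead of a guess.
    static Optional<PackedCredential> unpack(String field) {
        if (field == null || field.length() > MAX_FIELD_CHARS) return Optional.empty();
        int sep = field.indexOf(':');
        if (sep < 1 || !field.substring(0, sep).matches("\\d{1,3}")) return Optional.empty();
        int start = sep + 1;
        int end = start + Integer.parseInt(field.substring(0, sep));
        if (end > field.length()) return Optional.empty();
        String token = field.substring(end);
        // Assumed token alphabet; the scheme must still verify the token with its issuer.
        if (!token.matches("[A-Za-z0-9._~+/=-]*")) return Optional.empty();
        return Optional.of(new PackedCredential(field.substring(start, end), token));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String packed = pack("p:ss:word", "abc.DEF-123");
        PackedCredential c = unpack(packed).orElseThrow(IllegalStateException::new);
        System.out.println(packed + " -> password=" + c.password + ", token=" + c.token);
        System.out.println("truncated field accepted: " + unpack("99:short").isPresent());
        System.out.println("bad token accepted: " + unpack(pack("pw", "a b<c>")).isPresent());
    }
}
```

Successful unpacking only establishes that the field is well formed; the scheme still has to check the password and the token before treating the user as authenticated.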
User requests /u/smtest and has not logged in yet. They do not have a SMSESSION and they do not have a ut_authn.
Siteminder intercepts the request and checks for SMSESSION. No SMSESSION was found.
So Siteminder checks for a ut_authn via custom authentication scheme.
No ut_authn was found, so siteminder redirects to /ut/login.jsp with a TARGET parameter of smtest page.
User is presented with the /ut/login.jsp page and submits username and password credentials.
The login page validates the user credentials against xldap and generates a ut_authn.
The user is redirected back to /u/smtest and now has a ut_authn. Siteminder intercepts the request and checks for SMSESSION.
No SMSESSION was found we are looking for and can we use two authentication schemes for same request.
Can we have a few details?
Hi Nithin Chandra,
Have a look at this new tech tip that I just published: Tech Tip : CA Single Sign-On : Policy Server : How to collect additional attribute using custom authentication
Hope this helps.
I have a few questions. I have gone through the provided Tech Tip, and right now in my case I am using a login.jsp page and we want to use two authentication schemes, one to get the login.jsp page (ut_authn token) and a SMSESSION cookie after we log in. Right now we are stuck at the cookie, as we are not seeing the cookie.
So can you provide me any information on how we can achieve this?