Symantec Access Management

We have SAML integration between ServiceNow and SiteMinder using Secure proxy servers.
We have a use case where regular users and admin users both access the same resource (ServiceNow) however after initial form-based authentication admin users are required to perform RSA 2 factor authentication (Step-up authentication). Our basic requirement was to have admin users only perform the RSA 2 factor authentication, however there is no way to pre-determine a user type without having to authenticate them first and query the LDAP attribute. So we had to adopt this approach.
These users are identified by an LDAP attribute. So they can only be identified by SiteMinder after initial form-based authentication
This is how we have implemented this requirement:
Upon initial form based authentication, if user is an admin user, they are redirected to another protected resource that uses RSA SecurID 2 factor authentication scheme.

How do we transfer the User ID to the second login page without having the user re-enter their User ID?
How do we preserve and / or transfer the original deep-linked ServiceNow URL so as to redirect to it upon a successful second authentication?

Hi,

How do we transfer the User ID to the second login page without having the user re-enter their User ID?

R: I'm thinking to use the SM_USER header to pass that to second login page

https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?345899.html

How do we preserve and / or transfer the original deep-linked ServiceNow URL so as to redirect to it upon a successful second authentication?

R: I was thinking use response to set the value (ie: OnAuthAccept for initial form-based authentication) so upon the successful second authentication, it can make use the response value to redirect to the target page.

Hope this helps.

Regards,

Kar Meng