Layer7 Access Management

Expand all | Collapse all

how to reuse the uid and state from one authentication to another authentication page

Jump to Best Answer
  • 1.  how to reuse the uid and state from one authentication to another authentication page

    Posted 09-14-2016 06:05 PM

    We have SAML integration between ServiceNow and SiteMinder using Secure proxy servers.
    We have a use case where regular users and admin users both access the same resource (ServiceNow) however after initial form-based authentication admin users are required to perform RSA 2 factor authentication (Step-up authentication). Our basic requirement was to have admin users only perform the RSA 2 factor authentication, however there is no way to pre-determine a user type without having to authenticate them first and query the LDAP attribute. So we had to adopt this approach.
    These users are identified by an LDAP attribute. So they can only be identified by SiteMinder after initial form-based authentication
    This is how we have implemented this requirement:
    Upon initial form based authentication, if user is an admin user, they are redirected to another protected resource that uses RSA SecurID 2 factor authentication scheme.

    How do we transfer the User ID to the second login page without having the user re-enter their User ID?
    How do we preserve and / or transfer the original deep-linked ServiceNow URL so as to redirect to it upon a successful second authentication?



  • 2.  Re: how to reuse the uid and state from one authentication to another authentication page
    Best Answer

    Posted 09-14-2016 06:41 PM

    Hi,

     

    How do we transfer the User ID to the second login page without having the user re-enter their User ID?

    R: I'm thinking to use the SM_USER header to pass that to second login page

     

    https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?345899.html

     

    How do we preserve and / or transfer the original deep-linked ServiceNow URL so as to redirect to it upon a successful second authentication?

    R: I was thinking use response to set the value (ie: OnAuthAccept for initial form-based authentication) so upon the successful second authentication, it can make use the response value to redirect to the target page.

     

    Hope this helps.


    Regards,

    Kar Meng