We are exploring a two-factor authentication solution with SiteMinder functionality. Here is the complete user experience we are trying to set up through a SiteMinder authentication scheme (x.509 Certificate with Basic Form).
1F = 1st Factor = x.509 Certificate (Have Factor)
2F = 2nd Factor = SSO Credentials (Known Factor: User ID and Password through LDAP or AD)
1) SiteMinder should challenge both factors the first time a user tries to access the above two-factor protected resources. As a first step, the user should be authenticated using 1F (x.509 based) AND then the user will authenticate using 2F (form-based credentials).
2) Once the user is authenticated successfully, SiteMinder should issue the following two tokens:
1Token = SM1 = Valid for 15 mins (Session Token)
2Token = SM2 = Valid for 10 days (Persistent Token)
3) So for any subsequent requests, the user should only be challenged for the 1st factor or authenticated seamlessly until 2Token expires (SM2 is valid for 10 days).
I would appreciate it if someone could highlight or share a solution for achieving this functionality through SiteMinder.
But in SM you can craft your own custom auth scheme, and auth pages. What you are after is "probably" possible. In a previous life I've helped craft a whole bunch of different schemes, some quite custom, and I suspect you may be able to do what you want - but it would need a bit of work.
At this point you would want to spend a few days trying to set it up and see what roadblocks you hit, and to be sure it was possible. From a support perspective, we'd recommend speaking to CA Services, if you did not have the custom SDK expertise within your organisation for that sort of work.
Cheers - Mark
Thanks, I appreciate your response to my query; we will look into the details and, if required, will engage with the support team.
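
The challenge decision described in the question, sketched as an added example that is not part of the thread and does not use any SiteMinder API. The token format, the `KEY` value and all function names are hypothetical, and it assumes one reading of step 3: a live SM1 means seamless access, while an expired SM1 with a valid SM2 means the certificate (1F) is challenged alone.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: server-side secret (constructed value)
SM1_TTL = 15 * 60               # SM1 session token: 15 minutes
SM2_TTL = 10 * 24 * 3600        # SM2 persistent token: 10 days

def issue(kind, user, now, ttl):
    """Build 'kind|user|expiry|mac' (hypothetical format, not SiteMinder's)."""
    body = f"{kind}|{user}|{int(now) + ttl}"
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def owner(token, kind, now):
    """Return the user a token belongs to, or None if it is missing,
    malformed, tampered with, of the wrong type, or expired."""
    if not token or token.count("|") != 3:
        return None
    body, mac = token.rsplit("|", 1)
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    t_kind, user, expiry = body.split("|")
    if t_kind != kind or now >= int(expiry):
        return None
    return user

def factors_to_challenge(sm1, sm2, now):
    """Decide which factors the request must still pass."""
    persistent_user = owner(sm2, "SM2", now)
    if persistent_user is None:
        return ["1F", "2F"]     # first visit, or SM2 expired/invalid
    if owner(sm1, "SM1", now) == persistent_user:
        return []               # live session for the same user: seamless
    return ["1F"]               # session lapsed: certificate only

def on_full_login(user, now):
    """After both factors succeed, issue SM1 and SM2 together."""
    return issue("SM1", user, now, SM1_TTL), issue("SM2", user, now, SM2_TTL)
```

An SM1 presented without a valid SM2, or with an SM2 whose expiry has been edited, falls back to the full two-factor challenge because the MAC check in `owner` fails closed.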