Hi, does an anonymous authentication scheme add any security to a website with all public/unprotected pages? All pages on our new portal are public, where users do not have to authenticate with username & password but can do transactions after they answer a few questions about their account details present in our database.
I would have thought that single sign-on can provide security with Device DNA and session linker technology even if the user does not have to log in? Is this a valid requirement to use Siteminder?
Thanks in advance
Anonymous authentication is NOT a limiting factor for using Enhanced Session Assurance with DeviceDNA functionality. So, even if you are using anonymous authentication, it should be providing you the needed security of not being able to hijack the session cookie and replay it in another session, if that is what you are after.
It is able to do so because the list of data elements that it captures for DeviceDNA is quite extensive, some of which include elements like system, hardware, browser, plugins, etc.
How to Configure Enhanced Session Assurance with DeviceDNA™ - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentat…
Many thanks, Ujwol. Documentation of the anonymous authentication scheme mentions that a guest DN (distinguished name) is required. We don't have any personalised content for anonymous users. Do we still need a guest DN in the user store? In fact, for the first phase we have all users accessing the site anonymously, so we would like to avoid setting up a user store (as there are no user details to be stored).
Is there any documentation about what guest DN attributes are required to be set up for anonymous authentication?
You can check the following documentation :
Verify that the following prerequisites are met before configuring an anonymous authentication scheme:
To track users according to GUIDs assigned by Anonymous authentication, enable user tracking on the Global Settings pane of the Administrative UI.
Regarding the user attributes, you would need to configure the UID, Disabled Flag and Password fields in the User directory. I saw some issue with anonymous auth scheme if the disabled flag is not configured.
Hope it helps,