Symantec Access Management

  • 1.  onAuthAccept to trigger a custom Java class

    Posted Feb 13, 2017 12:02 PM

    I want to trigger a Java class [used by IDM] on the AuthAccept event in SiteMinder.

    Can this be achieved?



  • 2.  Re: onAuthAccept to trigger a custom Java class

    Posted Feb 13, 2017 12:13 PM

    Requirement:

    I want the last 5 logins of sm_user. I know I can write a query on smaccesslog4; however, this table holds a huge amount of data, 2 years' worth [SLA]. Additionally, every day we have an average of 30K customers logging in to the application, so even after frequent DB re-orgs with enough indexes, the query takes a huge amount of time to retrieve the recent 5 logins from the "smaccesslog4" table.

     

    So, alternatively, I am planning an approach to add a lookup table for login history and insert the data on every OnAuthAccept call of the SiteMinder Authorization API.

     

    - Please advise if I can achieve this using ActiveExpression to fetch SMSESSION & SM_USER and pass it on to the Login History Table.



  • 3.  Re: onAuthAccept to trigger a custom Java class
    Best Answer

    Posted Feb 14, 2017 01:13 AM

    Hi Manju,

     

    You asked - "I want to trigger a Java Class [used by IDM] on AuthAccept Event on Siteminder. Can this be achieved?"

     

    Ujwol => Yes, you can invoke ActiveResponse/ActiveExpression on OnAuthAccept event.

    I have the following tech tip where I have demonstrated the same:

    Tech Tip : CA Single Sign-On :Policy Server::Encrypted Active Response 

     

    You asked - "please advise if i can achieve this using ActiveExpression to fetch SMSESSION & SM_USER and pass it on to the Login History Table."

     

    Ujwol => I don't see a reason why not. See sample below ...

     

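    // Classes from the Policy Server Java SDK used by this method.
    import com.netegrity.policyserver.smapi.ActiveExpressionContext;
    import com.netegrity.policyserver.smapi.UserContext;

    // invoke() is a method of a class that implements the SDK's ActiveExpression interface.
    public String invoke(ActiveExpressionContext context, String param)
            throws Exception
    {
        if (context == null)
        {
            // should never happen
            throw new IllegalArgumentException("ActiveResponseSample invoked without context");
        }

        // the User Context is required to use the methods like getProp, setProp..
        UserContext theUserContext = context.getUserContext();
        if (theUserContext == null)
        {
            context.setErrorText("No User Context.");
            return null;
        }

        // Values for the authenticated user that go into the lookup table.
        String userName = theUserContext.getUserName();
        String sessionID = theUserContext.getSessionID();

        // LOGIC to Insert userName and SessionID into new Lookup Table.

        return null;
    }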
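
One way to fill in the "LOGIC to Insert" placeholder in the sample above, as an added example that is not part of the original post or of the product SDK: a JDBC helper that records each login with bound parameters and prunes to the five newest rows per user, so the lookup table stays small. The class name, the LOGIN_HISTORY table and its columns, an index on (USER_NAME, LOGIN_TIME) and the caller-supplied DataSource are all assumptions.

```java
import java.sql.*;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;

// Added example. LOGIN_HISTORY(USER_NAME, SESSION_ID, LOGIN_TIME) is a hypothetical table.
public final class LoginHistoryStore {
    private static final int KEEP = 5; // the thread asks for the last 5 logins
    private static final String INSERT =
        "INSERT INTO LOGIN_HISTORY (USER_NAME, SESSION_ID, LOGIN_TIME) VALUES (?, ?, ?)";
    private static final String RECENT =
        "SELECT LOGIN_TIME FROM LOGIN_HISTORY WHERE USER_NAME = ? ORDER BY LOGIN_TIME DESC";
    private static final String PRUNE =
        "DELETE FROM LOGIN_HISTORY WHERE USER_NAME = ? AND LOGIN_TIME < ?";
    private final DataSource ds; // pooled DataSource supplied by the caller (assumption)

    public LoginHistoryStore(DataSource ds) { this.ds = ds; }

    // Record one login, then drop rows older than the KEEP newest for that user.
    public void recordLogin(String userName, String sessionId) throws SQLException {
        try (Connection c = ds.getConnection()) {
            update(c, INSERT, userName, sessionId, new Timestamp(System.currentTimeMillis()));
            List<Timestamp> newest = recent(c, userName);
            if (newest.size() == KEEP) update(c, PRUNE, userName, newest.get(KEEP - 1));
        }
    }

    // Newest-first login times for one user.
    public List<Timestamp> lastLogins(String userName) throws SQLException {
        try (Connection c = ds.getConnection()) { return recent(c, userName); }
    }

    private static List<Timestamp> recent(Connection c, String userName) throws SQLException {
        List<Timestamp> out = new ArrayList<>();
        try (PreparedStatement ps = c.prepareStatement(RECENT)) {
            ps.setMaxRows(KEEP); // avoids dialect-specific LIMIT / FETCH FIRST syntax
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) out.add(rs.getTimestamp(1));
            }
        }
        return out;
    }

    // Values are always bound as parameters; the user name originates from login input.
    private static void update(Connection c, String sql, Object... args) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            for (int i = 0; i < args.length; i++) ps.setObject(i + 1, args[i]);
            ps.executeUpdate();
        }
    }
}
```

From invoke(), the call would be recordLogin(userName, sessionID) on a LoginHistoryStore created once with the DataSource.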

     



  • 4.  Re: onAuthAccept to trigger a custom Java class

    Posted Feb 14, 2017 09:53 AM

    Thanks ujwol

     
