Layer7 Access Management

Expand all | Collapse all

Advanced auth basic setup question

Jump to Best Answer
  • 1.  Advanced auth basic setup question

    Posted 04-16-2018 08:16 PM

    Hello Everyone, This probably is a pretty basic dump question for veterans on this board.

    Please bear with me as I start my first implementation of Advaced authentication.I am following the doc line by line although it is super confusing. I got all the components and web applications deployed.  My Risk/Strong auth servers(running as arcot user) , policy servers (smuser )and CA adapter(running as arcot user))  , tomcat (hosting admin ,uds, statemanager) are all going to be on the same machine. Web Agent and FCC are on a different machine. All of them are finally running fine. I can login to admin and create a bunch of user directories etc. I have created a SiteMinder SSO profile with Adapter and enabled 2F authentication. My goal is to get a email with OTP when risk score is between 30 -70. But I get shim.fcc , upon entereing userid I get redirected to shimerr.fcc saying ' Unable to create Token ' . I am sure I am missing bunch of things. Policy Server throws auth reject error(not sure what to expect as no password is entered at that point). Nothing in any of the arcot logs.

     

     

    Can anyone take few mins and explain the entire flow as to : 

    1. what are the calls made by shim.fcc(how it is different from regular webagent)

    2. What does policy server do (more information on what custom auth scheme does)

    3. How /when /which arcot components come into play in my simple scenario  Thanks in advance.

     

    Ujwol , Good to see you on this board. 

     

    Thanks everyone in advance.



  • 2.  Re: Advanced auth basic setup question
    Best Answer

    Posted 04-16-2018 09:44 PM

    Hi Anil,

     

    Thanks and welcome to AA community.

    My contribution to this forum is bit limited though  

     

    Have you had a look at this :

    Tech Tip - CA Single Sign-On:How to integrate CA SSO with CA Advanced Authentication 

     

    Bit caught up right now , but will come back and try to answer your questions bit later.


    Regards,

    Ujwol