Layer7 API Management

 View Only
  • 1.  CA advanced authentication integration with 3rd Party Applications to provide MFA

    Posted Mar 07, 2021 03:52 AM
    Dears,

    We know how we can integrate ca advanced authentication with SiteMinder to Provide MFA for resources protected by SieMinder.
    But what if we need to provide MFA to other  third party applications using ca advanced authentication ? Is this Use case possible to implement ? If yes, then what are the available options CA Advanced provide to provide MFA for other third party applications ?

    Best Regards


  • 2.  RE: CA advanced authentication integration with 3rd Party Applications to provide MFA

    Posted Mar 08, 2021 03:34 AM
    Mohammed,

    do you have something specific in mind?
    you have many options. AA has both an SDK and web services if you want to develop a specific integration inside the application.
     the CA Adapter has a SAML interface so that you can use it for an application (now there are many) using this protocol.
    Another option is to ask HCL GD to develop the customization for you. They have develop many of those and maybe they already have what you are looking for.
    regards
    Franco


  • 3.  RE: CA advanced authentication integration with 3rd Party Applications to provide MFA

    Posted Mar 10, 2021 01:35 AM
    Dear Francesco,

    If you can please elaborate more on this approach "CA Adapter has a SAML interface so that you can use it for an application (now there are many) using this protocol."
    When we integrate SiteMinder with Advanced Authentication, we create this adapter profile to provide MFA for the SiteMinder protected resources.

    But suppose we have an application (any simple application ) which just has a login and for which we need to implement MFA using Advanced Authentication, how can we do that using the Adapter Profile ?

    Best Regards



  • 4.  RE: CA advanced authentication integration with 3rd Party Applications to provide MFA

    Posted Mar 10, 2021 02:56 AM
    Dear Mohammad,
    that's why I asked if you have some specific use case to manage.
    If I understood correctly you already have Siteminder integrated with Adv Auth, but you would like to add MFA to an existing application which has its own login process.
    That's the typical problem when you want to integrate an application in Siteminder. You need to remove the internal login process and substitute it with something managed by Siteminder (agent+http header, Radius, SAML, Openid, etc).
    If you are able to do it, you can use an authentication scheme with MFA for getting your goal.
     
    Instead if you would like maintain current internal login, just adding MFA, you need to change something in the application. First check if you can use some of the possible standard interfaces (SAML, Radius, etc), then check if you can change the login procedure adding some custom code (maybe with an exit). AA has a Java SDK or you can use SOAP or rest web services.

    About SAML interface, the CA Adapter is normally used for integrate AA with Siteminder, but without Siteminder you can implement the integration with a federated application just using the CA Adapter. The CA adapter is acing as a SAML IdP of your application.
    Let me add that if you have Siteminder in place I would prefer to manage the federation with siteminder AdminUI.

    Regards
    Franco