Symantec Access Management


Authentication level

  • 1.  Authentication level

    Posted 07-20-2015 08:46 PM

    Hi,

     

    I have a strange issue.

     

    I have one realm protected by webagent1 with an HTML Form authentication scheme with Authentication level 5.

     

    I have another realm protected by webagent2 with an HTML Form authentication scheme with Authentication level 6.

     

    I go to realm1 and it shows me the form and I log in.

    I go to realm2, and it doesn't challenge me; it logs me in automatically.

     

    Is there any other configuration necessary other than the auth level in the auth scheme to force the user to login again?

     

    Regards,

    Anand.



  • 2.  Re: Authentication level

    Posted 07-21-2015 12:20 AM

    Anand anand3g

     

    It looks like your configuration is attaining SMSession with AuthLevel-6 when you are trying to access Authlevel-5. Hence not getting challenged.

     

    Are you using the same HTML Forms Authentication Scheme and/or are you using the same HTML Forms Login Page?

    Both HTML Forms Authentication Scheme and Login Page need to be different, with TARGET being different too.

     

    Authentication Level 5.

    Realm : /authlevel5/*

    HTML Forms Login Page : /siteminderagent/forms/auth5login.fcc

    Target in Login Page : /authlevel5/landing/html

     

    Authentication Level 6.

    Realm : /authlevel6/*

    HTML Forms Login Page : /siteminderagent/forms/auth6login.fcc

    Target in Login Page : /authlevel6/landing/html

     

     

    Regards

    Hubert



  • 3.  Re: Authentication level

    Posted 07-22-2015 02:42 AM

    Hi Anand,

     

    Have you verified from the smaccess log, when the user gets authenticated, what protection level is being assigned to the SMSESSION?

     

    Could you provide a snippet of the smaccess.log for your use case?

    But, generally speaking, the user should ALWAYS be challenged if moving from a lower to a higher authentication level. No additional configuration is required.

     

    Regards,

    Ujwol Shrestha



  • 4.  Re: Authentication level
    Best Answer

    Posted 07-22-2015 07:11 PM

    Okay, I resolved this.

     

    There is a minimum authentication level in the partnership as well. That also has to be bumped up. I hadn't seen that.

     

    Once I bumped that up, I get challenged again.

     

    Thanks a lot for your suggestions as usual. You guys are awesome!


    Regards,

    Anand.