Reading the following document:
How to Require Re-authentication for Sensitive Resources - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation
There is a reference to an OnAccessValidateIdentity action. I can't find any other reference to that in the documentation. What version and/or component provides that action option?
This Feature for "Sensitive Tasks" was released in R12.51.
https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2051-ENU/Bookshelf.html#maincontent
The impacted components are the WAMUI Code and Policy Server Code. Presumably the WebAgent code as well.
Creating an OnAccessValidateIdentity rule in the policy is the next step that the policy administrator takes toward protecting sensitive resources. This rule rejects the current credentials of the user which started the session. This rejection forces the user to re-authenticate before accessing the sensitive resource.
Follow these steps:
Click the Resource field and enter the URL of the sensitive resource. The following example defines an HTML page named transfer_funds as the sensitive resource:
transfer_funds.html
Click the following item under the Action list:
OnAccessValidateIdentity
Additional notes are available in these comments (not the entire thread, just the comment).
https://communities.ca.com/message/241954078-re-explicit-login?commentID=241954078#comment-241954078
https://communities.ca.com/message/241897406?commentID=241897406#comment-241897406
Thanks for the info, but what I'm wondering is if the action OnAccessValidateIdentity was released in 12.51, why don't I have the option in the authorization action drop down in 12.52 SP1? Does it absolutely require the Session Store?
I've been referring to this document, How to Require Re-authentication for Sensitive Resources - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation.
What is the version of CA SSO we are talking about? Have the Data Definition and default objects been imported?
Regards
Hubert
CA Services
The version is 12.52 SP1, as stated above.
The data definitions were added. We did not import the smpolicy.xml as CA support informed us that it would only update the ACO templates with the new default attributes. Was that incorrect?
It does not update ACO parameters only. That's for sure.
About that rule, do a search for that rule name in smpolicy.xml.
Yes, I found it in the file. I'll import the smpolicy.xml and let you know how it works.
Thanks!
Eric
Mystery solved. I ran the import task and the new action and responses are available. Thanks Hubert!