Reading the following document:
How to Require Re-authentication for Sensitive Resources - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation
There is a reference to a OnAccessValidateIdentity action. I can't find any other reference to that in the documentation. What version and/or component provides that action option?
This Feature for "Sensitive Tasks" was released in R12.51.
The impacted components are the WAMUI Code and Policy Server Code. Presumably the WebAgent code as well.
Creating an OnAccessValidateIdentity rule in the policy is the next step that the policy administrator takes toward protecting sensitive resources. This rule rejects the current credentials of the user which started the session. This rejection forces the user to re-authenticate before accessing the sensitive resource.
Follow these steps:
Click the Resource field and enter the URL of the sensitive resource. The following example defines an HTML page named transfer_funds as the sensitive resource:
Click the following item under the Action list:
Additional notes are available in these comments (not the entire thread, just the comment).
Thanks for the info, but what I'm wondering is if the action OnAccessValidateIdentity was released in 12.51, why don't I have the option in the authorization action drop down in 12.52 SP1? Does it absolutely require the Session Store?
I've been referring to this document, How to Require Re-authentication for Sensitive Resources - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation .
What is the version of CA SSO we are talking about? Has the Data Definition and default objects imported?
The version is 12.52 SP1, as stated above.
The data definitions were added. We did not import the smpolicy.xml as CA support informed us that it would only update the ACO templates with the new default attributes. Was that incorrect?
It does not only update ACO parameters only. Thats for sure.
About that rule, Do a search for that rule name in smpolicy.xml.
Yes, I found it in the file. I'll import the smpolicy.xml and let you know how it works.
Mystery solved. I ran the import task and the new action and responses are available. Thanks Hubert!