I have a specific need on an integration that we have. We have a custom authentication scheme where we leverage the HTML Form (username/password), and in the custom auth scheme we get the username to redirect to our integration, and everything works just fine.
I now have an urgent need to not use HTML Form and instead use Windows Authentication for 1st factor authentication. Our custom authentication scheme is expecting a username in order to pass it to 2nd factor authentication. So I need to find out if it is possible to get the username from a Windows Authentication Scheme somehow in SiteMinder so I can pass it to my custom authentication scheme.
Thanks in advance.
Apologies for coming late to this case.
I understand that you'd like to know how to set your Custom Authentication Scheme in order to get the username from the request and set it in the Username field as value.
We don't provide tools in the Web Agent to do it. But you may have a chance to get it using Microsoft libraries in your Custom Authentication Scheme. I've found this link which might give you guidance on this:
How To: Use Windows Authentication in ASP.NET 2.0 https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff647405(v=pandp.10)
Note that in Windows Authentication Scheme, SiteMinder only trusts the authentication done by the IIS server.
Hope that helps,
Not sure if this applies to you. If your 2nd factor authentication is a web form (like one time pin), you can do something like this.
Protect your web resource using your 2FA custom auth scheme with a higher protection level. This will redirect to your 2FA form URL.
Protect your 2FA form URL using IWA auth scheme. This will redirect to your IWA .ntc resource for authentication. Once authenticated, you should be redirected to your 2FA form.
In the 2FA form, you can use the SM_USER header to get the login ID. It may come with the domain portion like
If you don't want the domain part, just programmatically split and get the part you want. You can then use that further in your 2FA authentication process.
So the flow is like this:
attempt access protected resource URL -> auto redirect to 2FA form URL -> auto redirect to IWA .ntc -> redirect back to 2FA form -> successful 2FA auth redirects to originally attempted protected resource URL.
On a side note, since you are using IWA, best to enable a form fallback using authentication chaining.
Hope this helps someone.
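The domain-splitting step from the answer above, as an added example (not code from the thread or from SiteMinder). It assumes the SM_USER value arrives as `DOMAIN\user`, `user@domain` or a bare name, and it goes one step further than a plain split by checking the domain against an accepted list before discarding it; the function name, exception and domain values are hypothetical.

```python
import re

# Assumption: the 2FA back end only knows users from these Windows domains.
ALLOWED_DOMAINS = {"CORP", "corp.example.com"}  # constructed sample values

# Conservative account-name pattern (assumption; adjust to your directory's rules).
_ACCOUNT_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


class InvalidIdentity(ValueError):
    """Raised when the SM_USER value cannot be mapped to a trusted login ID."""


def login_id_from_sm_user(sm_user, allowed_domains=ALLOWED_DOMAINS):
    """Return (login_id, domain) parsed from an SM_USER header value.

    Accepts "DOMAIN\\user", "user@domain" or a bare "user" (domain is None).
    """
    if not sm_user or sm_user != sm_user.strip():
        raise InvalidIdentity("empty or padded SM_USER value")

    if "\\" in sm_user:                      # down-level form: DOMAIN\user
        domain, _, account = sm_user.partition("\\")
    elif "@" in sm_user:                     # UPN form: user@domain
        account, _, domain = sm_user.rpartition("@")
    else:                                    # no domain portion present
        domain, account = None, sm_user

    # Rejects leftover separators, spaces and control characters.
    if not _ACCOUNT_RE.fullmatch(account):
        raise InvalidIdentity("unexpected characters in account name")

    if domain is not None:
        accepted = {d.lower() for d in allowed_domains}
        if domain.lower() not in accepted:
            # The same account name in another domain is a different person.
            raise InvalidIdentity("domain not accepted for 2FA")
    return account, domain
```

Checking the domain before dropping it keeps two accounts with the same name in different domains from resolving to the same 2FA enrollment.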