Symantec Access Management

  • 1.  siteminder custom logon page

    Posted Dec 09, 2019 11:31 AM
    Is there any way to use my own logon page instead of the *.fcc files that come with the SiteMinder agent?

    According to many URLs I read while googling, I need to POST to login.fcc from my own page; then SiteMinder can authenticate the user.
    I guess I can set the target to where I want.

    If I want to achieve the following levels:

    level 0 -- unprotected
    level 5 -- user name validation only. The sample loginusername.fcc has both user name and password, which is odd. I was hoping SiteMinder could validate my user name only, instead of user name and password as in login.fcc.

    level 10 -- user name and password, post to login.fcc?

    level 15 -- active id hard token. Instead of integrating SiteMinder directly with the token provider, can I write my own code to validate the token?
    If I do, how do I configure it in SiteMinder?


  • 2.  RE: siteminder custom logon page
    Best Answer

    Broadcom Employee
    Posted Dec 10, 2019 02:20 AM
    Hi Thomas,

    Indeed, you can use the Custom Authentication Scheme:

    Custom Authentication Schemes
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/custom-authentication-schemes.html

    For the level 5, you can use the Anonymous Authentication Scheme

    Anonymous Authentication Schemes
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/anonymous-authentication-schemes.html

    For the level 10, indeed POST to login.fcc.

    And for the level 15, use the Custom Authentication Scheme.

    Custom Authentication Schemes
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/custom-authentication-schemes.html

    I hope this helps,

    Best Regards,
    Patrick


  • 3.  RE: siteminder custom logon page

    Posted Dec 10, 2019 07:10 AM

    Thanks for your reply, Patrick,

    So essentially levels 5 and 15 require me to write custom authentication code with the SiteMinder SDK?
    Do I just import all the SDK Java jars to extend SmAuthScheme?

    For level 10, can I use my logon page with user name and password? Instead of posting to login.fcc, can I post to custom Java code configured in the Custom Authentication Scheme?
    If I can post to my own custom Java code, why do I need to post to login.fcc?
    If I cannot post to my own custom Java code, then the approach for levels 5 and 15 will not work either.

    The key is how I can let SiteMinder know of the authentication and generate the SMSession cookie for future traffic.


    Tom




  • 4.  RE: siteminder custom logon page

    Broadcom Employee
    Posted Dec 11, 2019 03:03 AM
    Hi Thomas,

    For the 5, you can use the out-of-the-box anonymous authentication scheme.

    For the 15, you need the custom authentication and as such customize with the SDK.

    For 10, you can POST data to the .fcc login page.

    Also, you asked:

    "the key is how I can let Siteminder know of the authentication and
    generate SMSession cookie for future traffic"

    Could you develop that a little more?

    Best Regards,
    Patrick


  • 5.  RE: siteminder custom logon page

    Posted Dec 11, 2019 10:55 AM
    Edited by Thomas Wan Dec 11, 2019 11:00 AM
    Hi Patrick


    Level 5: if I configure anonymous authentication, I would protect my level resources as /level5/* and configure the target landing page as /level5/landing.

    If it works correctly, SiteMinder will forward to the landing page configured, right?


    For the 15, you need the custom authentication and as such customize
    with SDK.

    Do I just import all the SDK Java jars and write custom code to extend SmAuthScheme?
    When I use my own custom code, I will not submit to login.fcc, so how would SiteMinder know of success or failure? How would SiteMinder allow the level 15 protected resources such as /level15/*?
    Same thing for the landing page: I configure my landing page for level 15 as /level15/landing.

    For 10, so you can POST data to the .fcc login page.
    Same thing for the landing page: I configure my landing page for level 10 as /level110/landing, where I can do further programmatic authentication.





  • 6.  RE: siteminder custom logon page

    Broadcom Employee
    Posted Dec 12, 2019 02:41 AM
    Hi Thomas,

    Take a look at the following KD for a sample of how to configure an SDK Custom Authentication Scheme in Java:

    How to run the java custom authentication scheme provided with the sample SDK.
    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=50049

    Best Regards,
    Patrick


  • 7.  RE: siteminder custom logon page

    Posted Dec 12, 2019 07:03 AM

    Hi Patrick,
    That is great for how to run the custom authentication code.

    Can you review my understanding of how to configure the levels?
    Thanks

    Level 5: if I configure anonymous authentication, I would protect my level resources as /level5/* and configure the target landing page as /level5/landing.

    If it works correctly, SiteMinder will forward to the landing page configured, right?


    For the 15, you need the custom authentication and as such customize with SDK.
    When I use my own custom code, I will not submit to login.fcc, so how would SiteMinder know of success or failure? How would SiteMinder allow the level 15 protected resources such as /level15/*?
    Same thing for the landing page: I configure my landing page for level 15 as /level15/landing.

    For 10, so you can POST data to the .fcc login page.
    Same thing for the landing page: I configure my landing page for level 10 as /level110/landing, where I can do further programmatic authentication.