Chandu,
There are other community discussion about how to run java custom authentication scheme.
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=19f44ddd-392b-45db-8f18-ea4f4bfa1c7f&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bm19f44ddd-392b-45db-8f18-ea4f4bfa1c7fYou can also find samples from ~sdk/samples64/javaauthapi.
However, you use case description itself may have flaws.
SMSESSION is the result of a successful authentication event. When authentication happens, it needs user id and password, sometime even additional information.
Since you "
don't know the password of the user", then this is not a true authentication process, security can be compromised.
Authentication scheme's job is to collect credentials from user (including password), if credentials is missing, the user won't be authenticated.
If your custom authentication scheme choose not to use password, then it has to use something else that only the user knows, otherwise anyone can call the code and get a
SMSESSION, which is major security risk.Thank you.
Hongxu
Original Message:
Sent: 10-15-2019 02:58 PM
From: chandu bandlamudi
Subject: How to create siteminder custom authentication scheme to get SMSESSION by using ID_Token ?
Hello Everyone,
How to create siteminder custom authentication scheme to get SMSESSION by using ID_Token ? In that ID_Token we can see basic user information like(email id, first name and last name) Here by using email id we need to generate SMSESSION as we dont know the passwordof the user.
Please provide me the step by step procedure/documentation or else sample code to acheive this.
So if anyone could provide me any information on how can i achieve this. I really appreciate.
Thanks
Chandu