Symantec Access Management

  • 1.  How to create SiteMinder custom authentication scheme to get SMSESSION by using ID_Token?

    Posted Oct 15, 2019 02:59 PM
    Edited by chandu bandlamudi Oct 15, 2019 03:01 PM
    Hello Everyone,

    How to create SiteMinder custom authentication scheme to get SMSESSION by using ID_Token? In that ID_Token we can see basic user information like (email id, first name and last name). Here, by using email id, we need to generate SMSESSION as we don't know the password of the user.

    Please provide me the step by step procedure/documentation or else sample code to achieve this.

    So if anyone could provide me any information on how I can achieve this, I would really appreciate it.

    Thanks
    Chandu


  • 2.  RE: How to create SiteMinder custom authentication scheme to get SMSESSION by using ID_Token?
    Best Answer

    Broadcom Employee
    Posted Oct 18, 2019 11:55 AM

    Chandu,

    There are other community discussions about how to run a Java custom authentication scheme.
    https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=19f44ddd-392b-45db-8f18-ea4f4bfa1c7f&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bm19f44ddd-392b-45db-8f18-ea4f4bfa1c7f

    You can also find samples from ~sdk/samples64/javaauthapi.

    However, your use case description itself may have flaws.
    SMSESSION is the result of a successful authentication event. When authentication happens, it needs user id and password, sometimes even additional information.
    Since you "don't know the password of the user", this is not a true authentication process, and security can be compromised.
    An authentication scheme's job is to collect credentials from the user (including password); if credentials are missing, the user won't be authenticated.
    If your custom authentication scheme chooses not to use a password, then it has to use something else that only the user knows, otherwise anyone can call the code and get an SMSESSION, which is a major security risk.

    Thank you.

    Hongxu


  • 3.  RE: How to create SiteMinder custom authentication scheme to get SMSESSION by using ID_Token?

    Broadcom Employee
    Posted Oct 19, 2019 08:27 AM
    Hi Chandu, what you're describing sounds like an authentication scheme SiteMinder already has out of the box. I'm referring to the JWT Authentication scheme. 

    Is there a reason why the OOTB authentication scheme is not going to work for you? 

    For more information about the JWT authentication see:
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/json-web-token-jwt-authentication-scheme.html

    Uzi