Symantec Access Management

  • 1.  Howto configure siteminder not using username/password anymore

    Posted Dec 11, 2019 07:49 AM
    Hi,

    We don't want to use authentication using username/password any more.
    We developed our own Custom Authentication scheme for Userid / OTP (where userid can also be the email address).
    This authentication scheme should be the only way to logon to the different web applications.
    Some web applications use the old-fashioned username/password authentication, e.g. logon to Identity Manager.
    All web applications should use the user id /OTP format.
    This means that we should change Identity Manager forms also: when a user is created or modified, a password no longer is required.
    Also the Identity Manager superuser will have a user id/OTP for managing the users/organizations/roles/screens etc.
    The reset password no longer exists.

    In Siteminder we have the password policy, which we don't need any longer. Users don't have to change the passwords any more.
    Also the user has a special attribute for the password data-blob, not needed any more (configured in the directory definition).

    So, what steps are needed when a password is no longer required for a user?

    Regards,
    Edwin Scheffer



  • 2.  RE: Howto configure siteminder not using username/password anymore
    Best Answer

    Broadcom Employee
    Posted Dec 11, 2019 11:10 AM
    Edwin, If you created your own way of authentication, and did not follow the custom authentication scheme setup from SiteMinder, then you're on your own to customize the next steps to connect to authorization via SiteMinder if that's what you intend to do.
    Rgds.


  • 3.  RE: Howto configure siteminder not using username/password anymore

    Broadcom Employee
    Posted Dec 11, 2019 11:52 AM
    It seems like you would remove the Password Policy and modify the Auth. Scheme on the Realms to use the Custom Auth Scheme.


  • 4.  RE: Howto configure siteminder not using username/password anymore

    Posted Dec 11, 2019 06:32 PM
    But how do we trust only OTP? Just curious to understand. I am sure you have given enough thought. If you can pls assist to understand what drives us to go to OTP instead of password?

    I understand passwordless authentication is growing but at least for me with OTP we are going behind password control. Apologise if my query is not suitable here.