Hi Sam Dikeman,
That is one option, but better option is to track this via audit logs.
If you are using text based audit logs , ensure that the registry key :
HKEY_LOCAL_MACHINE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Reports\
Enable Enhance Tracing
has value >=3.
In this case, Policy server logs an additional field call "AuthenticaitonMethod" which stores the name of the auth scheme as below :
[Category][Event][Reason][Hostname][Time][AgentName][SessionId][UserName][DomainOid][RealmName][RealmOid][ClientIp][Resource][Action][AuthDirName][AuthDirServer][AuthDirNamespace][TransactionId][StatusMsg][DomainName][ImpersonatorName][ImpersonatorDirName][ObjName][ObjOid][FieldDesc][AssertionId][AssertionIssuerId][AssertionDestinationURL][AssertionStatusCode][AssertionNotOnBefore][AssertionNotOnOrAfter][AssertionSessionStartTime][AssertionSessionNotOnOrAfter][AssertionAuthContext][AssertionVersionId][AssertionClaims][ApplicationName][TenantName][AuthenticationMethod][DeviceHash][DeviceID][UserRefID]
[Az][AzAccept][][LODBL509VM016][27/Jul/2016:21:57:42 -0500][agent][mNP8ccEGWXxxu70qmPtSlgP5RK0=][Guest][03-04be6e5d-178e-4d9e-a335-4f4e805ddfb9][root][06-fb369daf-3947-4f02-b2c3-83f12f1fd8bb][fe80::45d1:dd8d:5f4d:d8b7][/][GET][][][][000080fe000000008dddd145b7d84d5f-1308-5799684a-0a3c-02ed18be][][wells][][][][][][][][][][][][][][][][][][][x509-authscheme][][][]
In case of ODBC auditing, this is tracked automatically.
Regards,
Ujwol