
Siteminder user login restrictions

Last activity 06-03-2019 08:38 PM
01-30-2015 12:23 AM

Platform Details:

 

> What is the policy server version? SP? CR? [Sharma Atul] 12.52.100.499

> What is the OS? [Sharma Atul] Linux 2.6.32-431.20.3.el6.x86_64

> What is your Policy Store vendor? [Sharma Atul] 7.1 SQL Server

> What is your User Directory vendor? [Sharma Atul] Microsoft AD 2008

> What is the WebAgent version? SP? CR? [Sharma Atul] SiteMinder APACHE 2.2 WebAgent, Version 12.0 QMR03

> What is the WebServer version? [Sharma Atul] Linux 2.6.32-431.20.3.el6.x86_64

> What is the OS of the WebServer? [Sharma Atul] Linux

 

CA Support Ticket:

 

Refer to CA Support Request 00009118 - Siteminder restrictions for more details.

 

Problem Statement

 

Recently received a request from to define the user limitation based on these conditions:

 

(Max x login per day) &&(Minimum y minutes between login).

 

Although the restriction based on time and IP could have been easy :-), for this one we might have to work with an active policy using dynamic authorization based on the above logic.

 

I saw Sm_PolicyApi_Policy_t also, but this again talks about the time grid array, where we can restrict the policy to be fired at a specified time, e.g.:

To restrict the policy from being fired from 8 AM to 10 AM on Tuesday, turn off the Tuesday bit in hours 8 AM and 9 AM: 7F7F7F7F7F7F7F7F7C7C7F7F7F7F7F7F7F7F7F7F7F7F7F7F

 

We need to devise a method which can count the AzAccepts for a particular user in a day and then restrict access based on the count of AzAccepts happening.

 

Please share if you have any suggestions.

 

Thanks in advance.

 

Best Regards,

Atul Sharma
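
The rule stated in the post above, (max x logins per day) && (minimum y minutes between logins), as an added example that is not part of the original thread and is not CA's code: it replays constructed accept events through a small decision function. The class name, event tuples and thresholds are assumptions for illustration; it does not parse SiteMinder's log format or call its policy API.

```python
from collections import defaultdict
from datetime import datetime, timedelta

class LoginLimiter:
    """Allow a login only if (accepts today < max_per_day) AND
    (at least min_gap has passed since the user's last accepted login)."""

    def __init__(self, max_per_day, min_gap_minutes):
        self.max_per_day = max_per_day
        self.min_gap = timedelta(minutes=min_gap_minutes)
        self.accepts = defaultdict(list)  # user -> timestamps of accepted logins

    def decide(self, user, now):
        # Events are assumed to arrive in time order per user.
        history = self.accepts[user]
        today = [t for t in history if t.date() == now.date()]
        if len(today) >= self.max_per_day:
            return False, "daily limit reached"
        if history and now - history[-1] < self.min_gap:
            return False, "too soon after previous login"
        history.append(now)  # only accepted logins count toward the limits
        return True, "accepted"

# Constructed sample events (user, timestamp); not real log data.
SAMPLE_EVENTS = [
    ("alice", "2015-01-30 08:00"),
    ("alice", "2015-01-30 08:10"),  # 10 min after previous accept: too soon
    ("alice", "2015-01-30 09:00"),
    ("bob",   "2015-01-30 09:05"),  # limits are tracked per user
    ("alice", "2015-01-30 12:00"),
    ("alice", "2015-01-30 15:00"),  # 3 accepts already today: over the limit
    ("alice", "2015-01-31 00:05"),  # new calendar day, daily count starts over
]

def replay(events, max_per_day=3, min_gap_minutes=30):
    """Run each event through the limiter and return the decisions."""
    limiter = LoginLimiter(max_per_day, min_gap_minutes)
    results = []
    for user, stamp in events:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        allowed, reason = limiter.decide(user, now)
        results.append((user, stamp, allowed, reason))
    return results

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(row)
```

Rejected attempts are not recorded, so a denied login neither uses up the daily quota nor resets the gap timer; whether that is the desired behaviour is a policy choice the post does not specify.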


Comments

04-28-2015 11:28 AM

AtulS,

 

Can you explain the use case more?  Maybe there is a different way to implement what you need rather than counting AzAccepts.

 

I ask because the requirement sounds to me like "when you have a hardworking user, shut off their access." :-)

04-28-2015 09:35 AM

 

Thank you for your contribution of an enhancement idea to the CA Community.   CA is continually working to improve its software and services to best meet the needs of its customers.  Your input is vital to that effort.  The CA Single Sign-On Product Management team has reviewed your suggested enhancement. Based on current priorities the idea is not one that we plan to execute. Therefore, it is being moved to a “Not Planned” status.  If, at a later date, you would like the Community to have the opportunity to vote on this again, you may resubmit it for renewed review.

 

04-28-2015 09:35 AM

Hi Atul,


Reading the use case, it seems to me that there may be a custom solution that could be developed using the Authz log and policy customization to achieve the result you are trying to achieve: "count the AzAccept for a particular user in a day and then restrict the access based on count of AzAccepts happening". I think that is going to be the best path to take this idea. Please ask your CA Account manager to connect you with our Global Delivery team to talk over this item and see if they are able to assist. As I look at the items in the ideation site, I am confident that this idea is not likely to achieve significant enough interest from the community to make it a strong candidate for development directly into the product.

01-30-2015 02:01 AM

Yes,

That’s what I have done, mate.

 

Best Regards,

Atul Sharma

01-30-2015 02:00 AM

Hi AtulS

I don't think you can change an idea to a question. It's better to create a new question thread and ask the question there.

01-30-2015 01:48 AM

Thanks for your comment. Changed it to a Question now ☺

 

Best Regards,

Atul Sharma

01-30-2015 01:15 AM

Hi AtulS

 

This looks like a question rather than an idea. Can you please change this to a question so that the members can review it? This looks more like a customization question, and maybe the services or engineering team has some idea.

 

Regards,

Kar Meng