

Configure an smauthetsso Custom Authentication Scheme

The CA SSO CA SiteMinder® (smauthetsso) authentication scheme lets the Policy Server validate CA SSO authentication credentials, so that a user already authenticated in a CA SSO/WAC environment does not need to re-authenticate. This custom authentication scheme accepts a CA SSO cookie as a login credential, has it validated by a CA SSO Policy Server, extracts the user name from it, and verifies that the name is present in the user store. You can configure this authentication scheme in cookie, cookieorbasic, or cookieorforms mode.

You can configure one CA SSO Policy Server to fail over to another CA SSO Policy Server when it fails. To configure failover, specify a comma-separated list of CA SSO Policy Servers in the Parameter field under Scheme Setup on the Authentication Scheme page.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.
  3. Click Create Authentication Scheme.

    Verify that Create a new object of type Authentication Scheme is selected.

    Click OK.

  4. Select Custom Template from the Authentication Scheme Type list.
  5. Enter smauthetsso in the Library field.
  6. Enter and confirm the password of the CA SSO Policy Server administrator in the Secret and Confirm Secret fields.
  7. Define an ordered set of tokens in the Parameter field with the following format:

    Mode [; <Target>] ; AdminID ; CAPS_Host ; FIPS_Mode ; Identity_File

    Note: Separate tokens with semicolons. You may enter a space before and after each token for improved legibility.

    Example: cookie ; SMPS_sso ; myserver.myco.com ; 0 ; /certificates/def_root.pem

    Example: cookieorforms ; /siteminderagent/forms/login.fcc ; SMPS_sso ; myserver.myco.com ; 1 ; /certificates/def_root.pem

    Mode

    Specifies the type of credentials the authentication scheme accepts. Accepted values include cookie, cookieorbasic, or cookieorforms.

    cookie

    Specifies that only CA SSO cookies are acceptable.

    cookieorbasic

    Specifies that a basic authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided.

    cookieorforms

    Specifies that a forms authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided.

    Target

    Specifies the pathname of the .fcc file used by the HTML Forms authentication scheme.

    Note: This value is only required for the cookieorforms mode.

    AdminID

    Specifies the user name of the CA SSO Policy Server administrator. CA SiteMinder® uses the administrator's user name and password to authenticate to the CA SSO Policy Server when it requests validation of CA SSO cookies.

    CAPS_Host

    Specifies the name of the host where the CA SSO Policy Server resides.

    FIPS_Mode

    Specifies the FIPS mode of operation in which the Policy Server is operating. Zero (0) specifies non-FIPS mode. One (1) specifies FIPS mode.

    Identity_File

    Specifies the path to the CA SSO identity file. The Policy Server uses this file to communicate with the CA SSO Policy Server.

  8. Click Submit.
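A pre-submit check for the Parameter string described in step 7, as an added example that is not part of the product or its documentation. The function name and the returned field names are hypothetical. Rejecting a Target outside cookieorforms mode, and placing the comma-separated fail-over list in the CAPS_Host token, are assumptions of this example.

```python
"""Pre-submit check for an smauthetsso Parameter string (added example)."""

MODES = ("cookie", "cookieorbasic", "cookieorforms")
FIELDS = ("admin_id", "caps_hosts", "fips_mode", "identity_file")


def parse_smauthetsso_parameter(param):
    """Split the semicolon-separated Parameter value into named fields.

    Raises ValueError with a specific message when the string does not
    match: Mode [; <Target>] ; AdminID ; CAPS_Host ; FIPS_Mode ; Identity_File
    """
    # Spaces around tokens are allowed for legibility, so strip each one.
    tokens = [t.strip() for t in param.split(";")]
    if any(t == "" for t in tokens):
        raise ValueError("empty token (stray or trailing semicolon?)")

    mode = tokens[0]
    if mode not in MODES:
        raise ValueError(f"unknown Mode {mode!r}; expected one of {MODES}")

    # Target is present only in cookieorforms mode. Rejecting it in the
    # other modes is this example's choice, not documented product behaviour.
    has_target = mode == "cookieorforms"
    expected = 1 + int(has_target) + len(FIELDS)
    if len(tokens) != expected:
        raise ValueError(f"Mode {mode!r} needs {expected} tokens, got {len(tokens)}")

    result = {"mode": mode, "target": tokens[1] if has_target else None}
    result.update(zip(FIELDS, tokens[2 if has_target else 1:]))

    if has_target and not result["target"].lower().endswith(".fcc"):
        raise ValueError("Target must be the pathname of an .fcc file")
    if result["fips_mode"] not in ("0", "1"):
        raise ValueError("FIPS_Mode must be 0 (non-FIPS) or 1 (FIPS)")

    # Assumption: the comma-separated fail-over list goes in the CAPS_Host token.
    hosts = [h.strip() for h in result["caps_hosts"].split(",")]
    if any(h == "" for h in hosts):
        raise ValueError("empty host in CAPS_Host list")
    result["caps_hosts"] = hosts
    result["fips_mode"] = int(result["fips_mode"])
    return result


if __name__ == "__main__":
    # First example string from step 7.
    print(parse_smauthetsso_parameter(
        "cookie ; SMPS_sso ; myserver.myco.com ; 0 ; /certificates/def_root.pem"))
```

A cookieorforms string that omits the Target shifts every later token by one position, which this check reports as a token-count error before the scheme is submitted.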