An AuthContext response is configured for each authentication scheme in the BackendAuth domain. Each of these responses contains an AuthContext response attribute, which is evaluated only on an OnAuthAccept event. Its value is added to the SiteMinder session ticket as the value of the SM_AUTHENTICATIONCONTEXT user attribute. It is not, however, returned to the client as a user response.
For this example, the list of responses should be:
| Name | Agent Type | Description |
|---|---|---|
| Form | Web Agent | AuthContext for username/password auth |
| Certificate | Web Agent | AuthContext for certificate auth |
| CertandForm | Web Agent | AuthContext for cert and form auth |
| SecurID | Web Agent | AuthContext for SecurID auth |
| SafeWord | Web Agent | AuthContext for SafeWord auth |
| Windows | Web Agent | AuthContext for Windows auth |
Note: The response attribute value is truncated to 80 bytes in length.
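Because of the 80-byte truncation, two AuthContext values that differ only after byte 80 end up identical in the session ticket. The following check is an added example, not part of the SiteMinder documentation or product: it flags planned values that exceed the limit or collide once truncated. The sample values are constructed, and UTF-8 encoding with a byte-level cut is an assumption.

```python
# Added example: pre-deployment check of planned AuthContext values.
# Assumptions (not from the product documentation): values are encoded as
# UTF-8 and the cut is made at the byte level.
LIMIT = 80  # bytes, per the note above


def check_authcontext(values, limit=LIMIT):
    """Report values longer than `limit` bytes and values that become
    indistinguishable from each other once cut to `limit` bytes."""
    too_long = {}
    by_stored = {}
    for name, value in values.items():
        raw = value.encode("utf-8")
        if len(raw) > limit:
            too_long[name] = len(raw)  # byte length, not character count
        by_stored.setdefault(raw[:limit], []).append(name)
    collisions = sorted(
        sorted(names) for names in by_stored.values() if len(names) > 1
    )
    return {"too_long": too_long, "collisions": collisions}


# Constructed sample values keyed by the response names from the table above.
# The shared prefix is 84 bytes, so anything appended to it is lost.
PREFIX = "urn:example:authcontext:" + "x" * 60
PLANNED = {
    "Form": "FormAuth",
    "Certificate": "CertAuth",
    "CertandForm": PREFIX + ":certandform",
    "SecurID": PREFIX + ":securid",
    "SafeWord": "SafeWordAuth",
    # 80 characters but 81 bytes: the accented character takes two bytes.
    "Windows": "\u00e9" + "w" * 79,
}

if __name__ == "__main__":
    report = check_authcontext(PLANNED)
    for name, size in report["too_long"].items():
        print(f"{name}: {size} bytes exceeds the {LIMIT}-byte limit")
    for names in report["collisions"]:
        print("identical after truncation:", ", ".join(names))
```
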
To configure an AuthContext response attribute, select the WebAgent-OnAuthAccept-Session-AuthContext response attribute type.
The following illustration shows the creation of an AuthContext response attribute using the WebAgent-OnAuthAccept-Session-AuthContext attribute type.
As the illustration shows, the AuthContext response attribute type is static. When Federation Security Services is in use, you can specify a static attribute to define a constant or literal value for better encapsulation. Constant values include strings.
SiteMinder variables and active expressions add more flexibility to configuring AuthContext response attributes. They may also contain the authentication timestamp and/or a hash value of a SAML assertion.
The following group box shows one of the resulting responses configured for this solution. This is the attribute for the Form response.
Copyright © 2010 CA. All rights reserved.