Configure AuthContext Responses for the Back-end Policy Domain

An AuthContext response is configured for each authentication scheme in the BackendAuth domain. Each of these responses contains an AuthContext response attribute, which is evaluated only on an OnAuthAccept event. Its value is added to the SiteMinder session ticket as the value of the SM_AUTHENTICATIONCONTEXT user attribute. It is not, however, returned to the client as a user response.

For this example, the list of responses should be:

| Name | Agent Type | Description |
|---|---|---|
| Form | Web Agent | AuthContext for username/password auth |
| Certificate | Web Agent | AuthContext for certificate auth |
| CertandForm | Web Agent | AuthContext for cert and form auth |
| SecurID | Web Agent | AuthContext for SecurID auth |
| SafeWord | Web Agent | AuthContext for SafeWord auth |
| Windows | Web Agent | AuthContext for Windows auth |

Note: The response attribute value is truncated to 80 bytes in length.

To configure an AuthContext response attribute, select the WebAgent-OnAuthAccept-Session-AuthContext response attribute type.

The following illustration shows the creation of an AuthContext response attribute using the WebAgent-OnAuthAccept-Session-AuthContext attribute type.

AuthContext Response Attribute

As the illustration shows, the AuthContext response attribute type is static. When Federation Security Services is in use, you can specify a static attribute to define a constant or literal value for better encapsulation. Constant values include strings.

SiteMinder variables and active expressions add more flexibility to configuring AuthContext response attributes. They may also contain the authentication timestamp and/or a hash value of a SAML assertion.
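Because the value is truncated to 80 bytes, it is worth checking planned values before entering them: a value that is cut short can end up identical to another scheme's value, and anything that reads SM_AUTHENTICATIONCONTEXT can then no longer tell the two schemes apart. The following check is an added example, not part of the product or its documentation; the sample values are constructed, and UTF-8 encoding of the stored value is an assumption.

```python
"""Pre-flight check for planned AuthContext response attribute values."""

LIMIT = 80  # bytes; the truncation length stated in the note above


def truncate(value: str, limit: int = LIMIT) -> bytes:
    """Return the first `limit` bytes of the value (UTF-8 is an assumption)."""
    return value.encode("utf-8")[:limit]


def check(planned: dict[str, str], limit: int = LIMIT) -> list[str]:
    """Return findings for values that would be cut or become ambiguous."""
    findings = []
    seen: dict[bytes, str] = {}  # truncated value -> first response using it
    for name, value in planned.items():
        raw = value.encode("utf-8")
        stored = raw[:limit]
        if len(raw) > limit:
            findings.append(f"{name}: {len(raw)} bytes, {len(raw) - limit} over the limit")
            try:
                stored.decode("utf-8")
            except UnicodeDecodeError:
                findings.append(f"{name}: cut falls inside a multi-byte character")
        if stored in seen:
            findings.append(f"{name}: identical to {seen[stored]} after truncation")
        else:
            seen[stored] = name
    return findings


# Constructed sample values; only the response names come from the table above.
PLANNED = {
    "Form": "urn:example:authcontext:form",
    "Certificate": "urn:example:authcontext:" + "x" * 50 + ":certificate",
    "CertandForm": "urn:example:authcontext:" + "x" * 50 + ":certificate-and-form",
    "Windows": "W" + "é" * 40,  # 41 characters but 81 bytes
}

if __name__ == "__main__":
    for line in check(PLANNED):
        print(line)
```

Values that differ only after the 80th byte, such as the two certificate entries here, are reported as identical; putting the distinguishing part of the value first avoids this.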

The following group box shows one of the resulting responses configured for this solution. This is the attribute for the Form response.

SM--Response Attribute for BackendAuth Domain


Copyright © 2010 CA. All rights reserved.