The CA SSO SiteMinder (smauthetsso) authentication scheme lets the SiteMinder Policy Server validate CA SSO authentication credentials so that a user already authenticated in a CA SSO/WAC environment does not need to re-authenticate to SiteMinder. This custom authentication scheme accepts a CA SSO cookie as a login credential, has it validated by a CA SSO Policy Server, extracts the user name from it, and verifies that the name is present in the SiteMinder user store. You can set this authentication scheme in a cookie, cookieorbasic, or cookieorforms mode.
You can configure one CA SSO Policy Server to fail over to another CA SSO Policy Server if the first one fails. To configure failover, specify a comma-separated list of CA SSO Policy Servers in the parameter field on the Scheme Setup group box on the Authentication Scheme Dialog.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.
To configure the authentication scheme
The Create Authentication Scheme pane opens.
Authentication scheme settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Scheme-specific fields and controls open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Mode [; <Target>] ; AdminID ; CAPS_Host ; FIPS_Mode ; Identity_File
Note: Separate tokens with semicolons. You may enter a space before and after each token for improved legibility.
Example: cookie ; SMPS_sso ; myserver.myco.com ; 0 ; /certificates/def_root.pem
Example: cookieorforms ; /siteminderagent/forms/login.fcc ; SMPS_sso ; myserver.myco.com ; 1 ; /certificates/def_root.pem
Mode
Specifies the type of credentials the authentication scheme accepts. Accepted values include cookie, cookieorbasic, or cookieorforms. cookie specifies that only CA SSO cookies are acceptable; cookieorbasic specifies that a basic authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided; cookieorforms specifies that a forms authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided.
Target
Specifies the pathname of the .fcc file used by the HTML Forms authentication scheme.
Note: This value is only required for the cookieorforms mode.
AdminID
Specifies the user name of the administrator for the CA SSO Policy Server. SiteMinder uses the administrator’s user name and password to request validation of CA SSO cookies when authenticating to the CA SSO Policy Server.
CAPS_Host
Specifies the name of the host where the CA SSO Policy Server resides.
FIPS_Mode
Specifies the FIPS mode of operation in which the Policy Server is operating. Zero (0) specifies non-FIPS mode. One (1) specifies FIPS mode.
Identity_File
Specifies the path to the CA SSO identity file. The Policy Server uses this file to communicate with the CA SSO Policy Server.
The authentication scheme is saved and may be assigned to a realm.
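The following is an added example, not CA code: a small Python check that parses a parameter string in the format shown above and rejects malformed values before they are entered in the Scheme Setup field. The names `parse_scheme_param` and `SsoSchemeParam` are hypothetical, and the example assumes that the failover list is given in the CAPS_Host token and that modes other than cookieorforms omit the Target token.

```python
from dataclasses import dataclass
from typing import List, Optional

MODES = {"cookie", "cookieorbasic", "cookieorforms"}


@dataclass
class SsoSchemeParam:
    mode: str
    target: Optional[str]   # .fcc path, cookieorforms only
    admin_id: str
    caps_hosts: List[str]   # primary first, then failover servers
    fips_mode: bool
    identity_file: str


def parse_scheme_param(raw: str) -> SsoSchemeParam:
    """Parse 'Mode [; <Target>] ; AdminID ; CAPS_Host ; FIPS_Mode ; Identity_File'."""
    # Tokens are separated by semicolons; surrounding spaces are optional.
    tokens = [t.strip() for t in raw.split(";")]
    if any(t == "" for t in tokens):
        raise ValueError("empty token in parameter string")
    mode = tokens[0]
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    # Assumption: Target appears only in cookieorforms mode; the page states
    # only that it is required there.
    expected = 6 if mode == "cookieorforms" else 5
    if len(tokens) != expected:
        raise ValueError(f"{mode} expects {expected} tokens, got {len(tokens)}")
    target = tokens[1] if mode == "cookieorforms" else None
    admin_id, caps_host, fips, identity_file = tokens[-4:]
    if target is not None and not target.endswith(".fcc"):
        raise ValueError("Target must be the .fcc file of the forms scheme")
    if fips not in ("0", "1"):
        raise ValueError("FIPS_Mode must be 0 (non-FIPS) or 1 (FIPS)")
    # Assumption: the comma-separated failover list is given in CAPS_Host.
    hosts = [h.strip() for h in caps_host.split(",")]
    if any(h == "" for h in hosts):
        raise ValueError("empty host in CAPS_Host failover list")
    return SsoSchemeParam(mode, target, admin_id, hosts, fips == "1", identity_file)
```

A string that passes this check is only syntactically valid; the administrator name, host, and identity file still have to exist on the CA SSO side.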
CA User Activity Reporting Module (CA UAR) provides SiteMinder connector guides, which detail how to configure a CA UAR integration with SiteMinder. The guide you use depends on whether SiteMinder is configured to store audit information in a text file (smaccess.log) or an ODBC database.
To locate the CA UAR connector guides
The SiteMinder connector guides are based on the type of logsensor that CA UAR is to use.
Each of these guides is also available from the CA UAR Administrative UI when you create the required connector. To access these guides when creating the connector, click Help.
Copyright © 2012 CA.
All rights reserved.