

Configure a SecurID and HTML Forms Authentication Scheme

Use a SecurID and HTML Forms authentication scheme when you want a custom HTML form to authenticate users who log in with ACE credentials.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.

To configure the authentication scheme

  1. Click Infrastructure, Authentication.
  2. Click Authentication Scheme, Create Authentication Scheme.

    The Create Authentication Scheme pane opens.

  3. Click OK.

    Authentication scheme settings open.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  4. Select SecurID HTML Form Template from the Authentication Type Style list.

    Scheme-specific settings open.

  5. Enter a name and a protection level in the General group box.
  6. Enter server, target, and ACE attribute information in the Scheme Setup group box.
  7. Click Submit.

    The authentication scheme is saved and may be assigned to a realm.

Forms Support for Re-activating and Verifying SecurID Users

If you protect a realm with the SecurID and HTML Forms scheme, users who are suspended due to improper logins can attempt to activate their accounts using a number of customizable HTML forms provided with SiteMinder. You can modify the layout and wording of these forms, but you must not modify the tags that gather user information.

The forms provided with SiteMinder include the following:

PWLogin.template

This form is where users enter a username and passcode to log in.

PWNextToken.template

This template requests multiple tokencodes to confirm that the user is in possession of a working SecurID token.

Forms Support for Activating New User Accounts

SiteMinder uses the following forms when an administrator creates a new user account and that user logs in. Through the forms, a user creates a PIN or has SiteMinder generate a random PIN.

PWSystemPIN.template

For new users, or users whose accounts have been suspended (due to too many invalid login attempts), this template prompts the user to acquire a new PIN. This template accepts the user’s original username and passcode, but instead of granting access to a protected resource, it redirects the user to another form where the user can receive or create a new PIN.

PWNewPINSelect.template

This template allows a user to indicate if the system should generate a new PIN, or if the user wants to enter a new PIN.

PWUserPIN.template

This template allows a user to enter a new PIN. It requires that the user provide a valid username and passcode along with the new PIN. In this template, $USRMSG$ is replaced with instructions for creating a new PIN number. For example:

PINs must be between 4 and 8 characters in length.

PWPINAccept.template

This template indicates that a new system-generated PIN has been created. In this template, $USRMSG$ is replaced by the system-generated PIN.

When a user clicks Continue, the user is immediately prompted to log in using the new PIN.
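The rule that layout and wording may change but the tags that gather user information must not can be checked before a customized template is deployed. The following Python script is an added example, not SiteMinder code: it compares a customized template against the shipped copy and reports any change to form fields or to `$...$` placeholders such as $USRMSG$. The sample templates, field names and form action are constructed placeholders, and treating `method`, `action`, `type`, `name` and hidden-field values as the data-gathering parts is an assumption.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Attributes that decide what a form submits (assumed scope of "tags that
# gather user information"); class/id/style and visible text are cosmetic.
DATA_ATTRS = {"form": ("method", "action"), "input": ("type", "name"),
              "select": ("name",), "textarea": ("name",)}
PLACEHOLDER = re.compile(r"\$[A-Za-z_]+\$")  # e.g. $USRMSG$

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = Counter()

    def handle_starttag(self, tag, attrs):
        if tag not in DATA_ATTRS:
            return
        a = dict(attrs)
        key = (tag,) + tuple(a.get(k) for k in DATA_ATTRS[tag])
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            key += (a.get("value"),)  # hidden values are data, not wording
        self.tags[key] += 1

def fingerprint(text):
    c = _Collector()
    c.feed(text)
    c.close()
    return c.tags, Counter(PLACEHOLDER.findall(text))

def template_drift(shipped, customized):
    """Return differences that affect submitted data; [] means cosmetic only."""
    (s_tags, s_ph), (c_tags, c_ph) = fingerprint(shipped), fingerprint(customized)
    out = []
    for label, diff in (("removed or altered", s_tags - c_tags),
                        ("added or altered", c_tags - s_tags),
                        ("placeholder removed", s_ph - c_ph),
                        ("placeholder added", c_ph - s_ph)):
        out += [f"{label}: {x}" for x in sorted(diff.elements(), key=repr)]
    return out

# Constructed stand-ins for a shipped template and two customized copies;
# the field names and action are hypothetical, not SiteMinder's real ones.
SHIPPED = ('<h1>New PIN</h1><p>$USRMSG$</p><form method="post" action="/placeholder">'
           '<input type="text" name="field_user">'
           '<input type="password" name="field_newpin"><input type="submit"></form>')
RESTYLED = (SHIPPED.replace("<h1>New PIN</h1>", "<h2>Choose a PIN</h2>")
            .replace('<input type="text"', '<input class="wide" type="text"'))
BROKEN = SHIPPED.replace('name="field_newpin"', 'name="pin"').replace("$USRMSG$", "")
if __name__ == "__main__": print(template_drift(SHIPPED, RESTYLED), template_drift(SHIPPED, BROKEN))
```

Run it against the original template kept from the installation and the edited copy; an empty list means only layout or wording changed.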