is it possible for a custom SmAuthScheme impl to obtain a reference to the current RequestContext

Article Id: 102357

Status: Published

Updated On: 18-06-2018 07:25

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On

Issue/Introduction:

Is it possible for a custom SmAuthScheme impl to obtain a reference to the current RequestContext, or anything else that can provide the full URL+queryparams of the requested resource that prompted the authentication?

Environment:

Release:
Component: SMAPC

Resolution:

Authentication schemes only manage credentials, and do not have access to properties about the original request such as the URL/URI.

The web agent constructs the query string passed on to the configured login page on its own. The credentials you type or submit get passed back to the authentication scheme, and the authentication scheme returns a binary yes/no answer to the policy server process on if authentication passed, with additional possible attributes like if the account is locked, a password change is required, etc.

An authentication scheme does not have a mechanism to make an authentication time decision based on the original URL, or specify what URL the user should return to.
Active expressions do have access to the RequestContext class, and can make decisions based on the action (GET/POST etc), server name of the HTTP request, and URI of the request. The possible types of active expressions are an Active Rule, Active Policy, or Active Response.