How to change Basic Authentication to forms authentication

book

Article ID: 140194

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

How to protect the Identity Portal admin UI with Siteminder form based authentication.

Environment

Release : 14.2

Component : SIGMA-Identity Suite

Resolution

To configure the protection of the IP admin console, the jboss security constraint needs to be disabled in the sigma.war file.

Edit the file sigma.war/WEB-INF/web.xml.At the bottom of the file comment out the entire security constraint.


 <!--

  <security-constraint>

    <web-resource-collection>

      <web-resource-name>SIGMAAdminUI</web-resource-name>

      <url-pattern>/admin/*</url-pattern>

      <url-pattern>/rest/admin/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <role-name>SigmaAdministrators</role-name>

    </auth-constraint>

    <user-data-constraint>

      <transport-guarantee>NONE</transport-guarantee>

    </user-data-constraint>

  </security-constraint>

  <login-config>

    <auth-method>BASIC</auth-method>

    <realm-name>SIGMA</realm-name>

  </login-config>

  <security-role>

    <role-name>SigmaAdministrators</role-name>

  </security-role>

 -->


After making the above change, make sure you have the /sigma realm defined in the siteminder domain.  Here is the link to the IP that describes the procedures.

http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-portal/14-2/integrating/ca-single-sign-on-integration/ca-sso-prerequisites.html


Next, make sure you defined a form for the sigma/app realm.  Here is the information to configure the form authentication.

http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-portal/14-2/integrating/protecting-ca-identity-portal-with-ca-single-sign-on.html


Basically, once you have the realms for /sigma and the form configured


Once the above is configured, trying to access the /sigma/admin will provide your specified form for authentication.