Which Java Method is for the 'Allow Protection Override' Feature?


Article ID: 145314




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER


SiteMinder documentation mentions the 'Allow Protection Override' checkbox that applies to Custom Authentication schemes.
  • (Optional) Select the Allow Protection Override check box in Scheme Common Setup. This option specifies that the protection level in the library takes precedence over the protection level specified in the Administrative UI.
Which method in the Authentication Java API can be used to set the Protection Level of the Custom Authentication scheme?


Release : 12.8.03



The relevant method is part of the SmAuthScheme interface in the com.netegrity.policyserver.smapi package:

public SmAuthenticationResult authenticate(String parameter, String secret, int challengeReason, SmAuthenticationContext context)

Performs the custom authentication and returns the authentication result.

SiteMinder calls this method at least twice -- during user disambiguation and during user authentication. For information about these two phases of the authentication process, see the Programming Guide for Java.
  • parameter - The optional parameter string specified in the Policy Server User Interface, to be used in any way that the authentication scheme requires.
  • secret - The shared secret specified for the authentication scheme in the Policy Server User Interface. The shared secret is used for any purpose that the authentication scheme requires, such as encryption or credentials operations. Your authentication scheme may or may not require a shared secret.
  • challengeReason - The reason code from a previous authentication that failed or was challenged, or 0 if unknown. The reason code that SiteMinder passes is the REASON_ constant that the authentication scheme returned in SmAuthenticationResult after the failed or challenged authentication.
  • context - Contains request context objects, and also methods for passing error and user messages directly to SiteMinder.
  • Returns: An SmAuthenticationResult object containing status and reason codes. How the returned status code is interpreted depends upon the phase during which SiteMinder called the authentication scheme.

When a user is authenticated for a resource, the SM_AUTHENTICATIONLEVEL attribute holds an integer (from 0 to 1000) that represents the protection level of the authentication scheme under which the user was authenticated.

Here is an example of how this might be set in custom code:

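public SmAuthenticationResult authenticate(String parameter,
                                           String secret,
                                           int challengeReason,
                                           SmAuthenticationContext context) {

    UserContext theUserContext = context.getUserContext();

    // Set the protection level from the library; a non-zero return is treated as failure.
    if (0 != theUserContext.setProp("SM_AUTHENTICATIONLEVEL", "20")) {
        context.setUserText("Failed to set the SM_AUTHENTICATIONLEVEL");
    }

    // ... the rest of the scheme's authentication logic, which returns an SmAuthenticationResult ...
}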

According to the bookshelf, other properties can also be set at run time.



The code sample is provided as is; no additional support is available. This is custom code development, which is generally outside support scope.
Any further custom coding questions should be directed to HCL service group, a Broadcom partner.
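A guard for the SM_AUTHENTICATIONLEVEL assignment shown in the sample above, as an added example that is not part of the original article or of the SiteMinder SDK. With Allow Protection Override selected, the value set by the library takes precedence over the Administrative UI, so the example validates the 0 to 1000 range and fails closed. The class name, the per-scheme ceiling, and the idea of reading the level from a string such as the scheme parameter are assumptions; the setProp argument stands in for UserContext.setProp.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.BiFunction;

public final class ProtectionLevelGuard {
    // Property name and the 0-1000 range are taken from the article.
    static final String PROP = "SM_AUTHENTICATIONLEVEL";
    static final int MIN_LEVEL = 0, MAX_LEVEL = 1000;

    /** Parses a level; rejects null, signs, whitespace, non-ASCII digits and values outside 0-1000. */
    static int parseLevel(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,4}")) {
            throw new IllegalArgumentException("protection level must be 1 to 4 ASCII digits");
        }
        int level = Integer.parseInt(raw);
        if (level < MIN_LEVEL || level > MAX_LEVEL) {
            throw new IllegalArgumentException("protection level outside 0-1000");
        }
        return level;
    }

    /**
     * Sets the property only when the level is valid and at or below the ceiling
     * (a hypothetical per-scheme limit). As in the article's sample, a return
     * value of 0 from setProp is treated as success.
     */
    static boolean applyLevel(String raw, int ceiling,
                              BiFunction<String, String, Integer> setProp) {
        final int level;
        try {
            level = parseLevel(raw);
        } catch (IllegalArgumentException e) {
            return false; // fail closed: leave the property unset
        }
        if (level > ceiling) {
            return false; // do not assert more trust than the scheme was approved for
        }
        return setProp.apply(PROP, Integer.toString(level)) == 0;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the user context: stores the property, returns 0.
        Map<String, String> props = new HashMap<>();
        BiFunction<String, String, Integer> fake = (k, v) -> { props.put(k, v); return 0; };
        for (String raw : new String[] {"20", "1001", "-5", " 20", "900"}) {
            System.out.println("'" + raw + "' applied=" + applyLevel(raw, 50, fake));
        }
    }
}
```

Inside a custom scheme, the call would take the form applyLevel(parameter, 50, theUserContext::setProp), assuming setProp accepts two strings and returns an int as the article's sample implies.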
