-
(Optional) Select the Allow Protection Override check box in Scheme Common Setup. This option specifies that the protection level in the library takes precedence over the protection level specified in the Administrative UI.
Which Java Method is for the 'Allow Protection Override' Feature?
Article ID: 145314
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
SiteMinder documentation mentions the 'Allow Protection Override' checkbox that applies to Custom Authentication schemes.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/custom-authentication-schemes.html
Which method in the Authentication Java API can be used to set the Protection Level of the Custom Authentication scheme?
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/custom-authentication-schemes.html
Environment
Release : 12.8.03
Component : SITEMINDER -SDK
Cause
This is part of com.netegrity.policyserver.smapi SmAuthScheme Interface.
Public SmAuthenticationResult authenticate(String parameter, String secret, int challengeReason, SmAuthenticationContext context)
%SM_AUTHENTICATIONLEVEL is an User Attributes
When a user is authenticated for a resource, this attribute holds an integer number (of 0 to 1000) that represents the protection level of the authentication scheme under which the user was authenticated.
Here is an example how this might have been set in custom code:
Public SmAuthenticationResult authenticate(String parameter,
String secret,
int challengeReason,
SmAuthenticationContext context) {
...
UserContext theUserContext = context.getUserContext();
...
if (0 != theUserContext.setProp("SM_AUTHENTICATIONLEVEL", "20")) {
context.setUserText("Failed to set the SM_AUTHENTICATIONLEVEL");
}
}
Following the bookshelf, there are other properties that can be set at run time as well.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/programming/sdks/programming-in-java/authentication-api-and-authorization-api-in-java/custom-authentication-scheme-creation-using-java/implement-the-java-authentication-api-interface.html
Public SmAuthenticationResult authenticate(String parameter, String secret, int challengeReason, SmAuthenticationContext context)
Performs the custom authentication and returns the authentication result.
SiteMinder calls this method at least twice -- during user disambiguation and during user authentication. For information about these two phases of the authentication process, see the Programming Guide for Java.- Parameters:
parameter- The optional parameter string specified in the Policy Server User Interface, to be used in any way that the authentication scheme requires.secret- The shared secret specified for the authentication scheme in the Policy Server User Interface. The shared secret is used for any purpose that the authentication scheme requires, such as enryption or credentials operations. Your authentication scheme may or may not require a shared secret.challengeReason- The reason code from a previous authentication that failed or was challenged, or 0 if unknown. The reason code that SiteMinder passes is theREASON_constant that the authentication scheme returned inSmAuthenticationResultafter the failed or challenged authentication.context- Contains request context objects, and also methods for passing error and user messages directly to SiteMinder.
SmAuthenticationResult object containing status and reason codes. How the returned status code is interpreted depends upon the phase during which SiteMinder called the authentication scheme.%SM_AUTHENTICATIONLEVEL is an User Attributes
When a user is authenticated for a resource, this attribute holds an integer number (of 0 to 1000) that represents the protection level of the authentication scheme under which the user was authenticated.
Here is an example how this might have been set in custom code:
Public SmAuthenticationResult authenticate(String parameter,
String secret,
int challengeReason,
SmAuthenticationContext context) {
...
UserContext theUserContext = context.getUserContext();
...
if (0 != theUserContext.setProp("SM_AUTHENTICATIONLEVEL", "20")) {
context.setUserText("Failed to set the SM_AUTHENTICATIONLEVEL");
}
}
Following the bookshelf, there are other properties that can be set at run time as well.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/programming/sdks/programming-in-java/authentication-api-and-authorization-api-in-java/custom-authentication-scheme-creation-using-java/implement-the-java-authentication-api-interface.html
Resolution
The code sample is provided as it is, no additional support is available. This is custom code development, generally out of support scope.
Any further custom coding questions should be directed to HCL service group, a Broadcom partner.
Any further custom coding questions should be directed to HCL service group, a Broadcom partner.
Feedback
Yes
No
Powered by
