We are using integrated authentication of SiteMinder and RiskMinder.
Is the unknown user in RiskMinder's Rules and Scoring Management an unregistered user in the SiteMinder's user directory?
If so, an error will occur in the first check on the SiteMinder side, and the transition to the RiskMinder side will not occur. Is it correct?
If the final risk assessment is ALERT, will the user be authenticated if the ID and password are correct?
Release : 9.1
Component : AuthMinder(Arcot WebFort)
RiskMinder(Arcot RiskFort)
Out of the box the Advise given by the Riskfort server is ALERT if the user is not known. In case of Siteminder integration same user base will be used by the Risk server and Siteminder server as once Authentication is done, the user need to be authorized to see the protected resource page, if user is not present in the User repository then the Risk server ( UDS component will check with the User repository) will give the ALERT advise if that user is not found
If Siteminder is doing the first authentication then the user will not be found and that will result in an error, same case will be applicable if AFM is doing the LDAP authentication and because User is not known the error will be shown in the screen.
First check itself will fail when user input the Username and Password but in Risk evaluation part the user will be given an ALERT advise, if user does not exists the first level authentication will fail.