We have one SiteMinder Policy Server and a corresponding Access Gateway Server (which serves as the Local IDP) within a SAML Partnership.
We have two different SAML Partnerships that use the same Access Gateway Server to route traffic to SiteMinder. However, because both SAML Partnerships are under the same domain/realm, we have a single HTML Auth Scheme set, whose login page has registration links for two different applications. The customer would like to separate this so that, depending on which SAML Partnership the user navigates to, they see an Auth Scheme/Login page with only that application's URL. Is there any way to separate this?
Basically, the customer has different Federation Partners and needs to create different domains and realms to protect "/affwebservices/redirectjsp/redirect.jsp", so that each partner is challenged with a different Authentication Scheme.
Release: CA Policy Server 12.8 releases and/or applicable to other supported environments.
Environment: Windows/Linux
- Just to clarify: an Authentication Scheme is assigned to realms, not to domains.
How to challenge the user with a different Authentication Scheme per Partnership, so that each Partnership has its own login page:
Each Partnership can have its own Authentication URL.
- For example, with different Partners we need to create different domains and realms, each protecting its own copy of "/affwebservices/redirectjsp/redirect.jsp", so that the user is challenged with a different Authentication Scheme for each partner.
- Taking "ABC" as one SAML Partner, we create a different domain to protect its copy of "/affwebservices/redirectjsp/redirect.jsp", which requires the changes below.
- For ABC BANK:
"/affwebservices/redirectjspABC/redirect.jsp"
- For XYZ BANK:
"/affwebservices/redirectjspXYZ/redirect.jsp"
- The following changes are made on the CA Access Gateway (SPS), or on the Web Agent Option Pack (WAOP), wherever the Federation Web Services are deployed.
- On the CA Access Gateway, go to this location (XXXX is the installation directory):
- XXXX/CA/secure-proxy/Tomcat/webapps/affwebservices
- Here you will see a folder called "redirectjsp" (note: the folder itself, not the "redirect.jsp" file inside it).
- Take a copy of this "redirectjsp" folder.
- To use the copy for the "ABC" partnership, name the new folder "redirectjspABC".
- Take another copy of the "redirectjsp" folder for the other partnership; to use it for "XYZ", name that folder "redirectjspXYZ".
- Then protect each new redirect.jsp (for example "/affwebservices/redirectjspABC/redirect.jsp") with its own new realm, and assign the required Authentication Scheme to that realm.
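As an added example (not part of this article and not Broadcom's own tooling), the POSIX shell script below performs the folder copy from the steps above for any number of partnerships and then prints every redirect.jsp under the affwebservices webapp so the list can be checked against the realms that exist. It assumes the affwebservices directory is passed as the first argument, uses the article's sample suffixes ABC and XYZ, and the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the KB article: clone the Access Gateway
# "redirectjsp" folder once per SAML partnership so that each copy can be
# protected by its own realm and Authentication Scheme.
# Assumption: the first argument is
#   <install>/CA/secure-proxy/Tomcat/webapps/affwebservices
# and the remaining arguments are partnership suffixes (e.g. ABC XYZ).

# clone_redirectjsp <affwebservices_dir> <suffix>
# Copies redirectjsp to redirectjsp<suffix>. Refuses to overwrite an
# existing copy so a re-run cannot silently replace a customised folder.
clone_redirectjsp() {
    base="$1"
    suffix="$2"
    src="$base/redirectjsp"
    dst="$base/redirectjsp$suffix"

    [ -f "$src/redirect.jsp" ] || { echo "missing $src/redirect.jsp" >&2; return 1; }
    [ -e "$dst" ] && { echo "$dst already exists, not overwriting" >&2; return 1; }

    cp -R "$src" "$dst" || return 1
    # Sanity check: the clone must contain the JSP the new realm will protect.
    [ -f "$dst/redirect.jsp" ] || { echo "copy to $dst is incomplete" >&2; return 1; }
    return 0
}

# resources_to_protect <affwebservices_dir>
# Prints, one per line, the URI of every redirect.jsp under the webapp
# (the original and every clone). Each of these must be covered by a
# realm; a clone that is deployed but not yet protected would serve the
# redirect JSP without a challenge.
resources_to_protect() {
    base="$1"
    for d in "$base"/redirectjsp*; do
        [ -f "$d/redirect.jsp" ] || continue
        echo "/affwebservices/$(basename "$d")/redirect.jsp"
    done
}

# Usage (guarded so that sourcing this file runs nothing by itself):
#   sh clone_redirectjsp.sh /opt/CA/secure-proxy/Tomcat/webapps/affwebservices ABC XYZ
if [ "$#" -ge 2 ]; then
    base="$1"
    shift
    for s in "$@"; do
        clone_redirectjsp "$base" "$s" || exit 1
    done
    resources_to_protect "$base"
fi
```

Run it on the Access Gateway host with the real webapps path. The realm creation and the Authentication Scheme assignment for each printed URI are still done in the Administrative UI; compare the printed list with the realms you have configured before routing partner traffic to a new copy.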