Auth scheme migration using the same Resource Filter protection
search cancel

Auth scheme migration using the same Resource Filter protection

book

Article ID: 235084

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder)

Issue/Introduction

Can SiteMinder have multiple auth schemes for one rule? 

We will be adding new auth scheme to our existing environment. 

We will be doing a staggered onboarding of users from our old cert based MFA to the new MFA. 

What is the best practice?

Environment

Release : 12.8.05

Component : SITEMINDER -POLICY SERVER

Resolution

SiteMinder has constraints when objects are created using admin ui.

One of them is that resource filter and agent combination have to be unique.

Realm can NOT have two exact same /uri, when using the same agent.

So in old setup:

x509 auth scheme-->realm A--> Resource Filter /uri -->agent A

New setup will be:

New auth scheme-->realm B-- > Resource Filter /uri -->agent B

Then redirect traffic to agent A or agent B for staggered user migration.

Once migration completes, remove old configuration.

Powered by Wolken Software