Configure Anonymous Authentication Scheme to Verify User Identities


Article ID: 48968


Products

  • CA Single Sign On Secure Proxy Server (SiteMinder)
  • AXIOMATICS POLICY SERVER
  • CA Single Sign On SOA Security Manager (SiteMinder)
  • CA Single Sign-On

Issue/Introduction

1.0 Introduction

2.0 How to Configure an Anonymous Authentication Scheme
2.1 Verify Prerequisites
2.2 Track Anonymous Users
2.3 Configure an Anonymous Authentication Scheme

3.0 Copyright

1.0 Introduction

Product: SiteMinder®

Release: r12.5 CA SiteMinder

SiteMinder authentication schemes are Policy Server objects that determine the credentials that a user requires to access a protected resource. Policy administrators assign an authentication scheme to a realm or an application object to determine the credentials that a user must supply to access resources in that realm or application.

This scenario describes how a policy administrator can configure an anonymous authentication scheme to verify user identities according to their guest distinguished name (DN).

This scenario assumes that policy administrators have the following skills:

  • Are familiar with SiteMinder policy-based security and SiteMinder policy objects.
  • Know how to access and use the SiteMinder Administrative UI.

This Knowledge Base Article constitutes a portion of the official CA product documentation for this CA product. This Knowledge Base Article is subject to the following notices, terms and conditions.

2.0 How to Configure an Anonymous Authentication Scheme

The Anonymous authentication scheme lets SiteMinder provide access privileges to users who are not yet identified in your network. Assigning an Anonymous authentication scheme to a realm does not provide access control, but it does allow SiteMinder to personalize content for the user.

When you create an Anonymous authentication scheme, specify a guest distinguished name (DN). You can bind policies to the guest DN and can personalize the content in the realm. The anonymous users view content according to policies of the guest DN. The identified users have a distinct DN, so an identified user who accesses the same resource views the content of the resource based on their unique DN.

The following graphic describes how to configure an anonymous authentication scheme:

<Please see attached file for image>

Figure 1 - Configure an Anonymous Authentication Scheme

More information:

Verify Prerequisites

Track Anonymous Users

Configure an Anonymous Authentication Scheme


2.1 Verify Prerequisites


Before you configure an anonymous authentication scheme, verify that the following prerequisites are complete:

  • A guest DN for anonymous users exists in a user directory.
  • A directory connection exists between the Policy Server and the user directory.
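
One way to check the first prerequisite offline, as an added example that is not part of the CA documentation: the script below looks for the guest DN in an LDIF export of the user directory and lists any groups that name it as a member, as a review aid before policies are bound to it. The sample LDIF, all DNs, and the function names are constructed placeholders, and the DN comparison is an approximation (trimmed, lower-cased components), not full LDAP matching rules.

```python
import base64
import re

# Constructed LDIF export for illustration; every DN here is a placeholder.
SAMPLE_LDIF = """\
dn: uid=guest,ou=People,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=Visitors,ou=Groups,dc=example,dc=com
member: UID=Guest, OU=People, DC=example,
 DC=com

dn: cn=Staff,ou=Groups,dc=example,dc=com
member: uid=alice,ou=People,dc=example,dc=com
"""

def norm_dn(dn):
    """Approximate comparison key: split on unescaped commas, trim, lower-case."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    text = re.sub(r"\n ", "", text)            # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):   # entries are separated by blank lines
        pairs = []
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            pairs.append((attr.lower(), value.strip()))
        if any(a == "dn" for a, _ in pairs):
            entries.append(pairs)
    return entries

def check_guest_dn(ldif_text, guest_dn):
    """Return (exists, groups): whether the DN has an entry, and groups listing it."""
    key = norm_dn(guest_dn)
    exists, groups = False, []
    for entry in parse_ldif(ldif_text):
        dn = next(v for a, v in entry if a == "dn")
        if norm_dn(dn) == key:
            exists = True
        if any(a in ("member", "uniquemember") and norm_dn(v) == key for a, v in entry):
            groups.append(dn)
    return exists, groups
```
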

2.2 Track Anonymous Users


If you enable user tracking, SiteMinder Web Agents save Global Unique Identifiers (GUIDs) in cookies. When users access a resource that is protected by an Anonymous authentication scheme for the first time, the Web Agent creates a cookie that includes the GUID of the user. Each GUID is a unique value and can be used to track an anonymous user and personalize the content.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Click Administration, Policy Server, Global Tools.
  3. Select Enable User Tracking in the Global Settings group box.
  4. Click Submit.

    The Policy Server enables user tracking.


2.3 Configure an Anonymous Authentication Scheme


Configure an Anonymous authentication scheme to give unregistered users access to specific web content.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.
  3. Click Create Authentication Scheme.
  4. Verify that the Create a new object of type Authentication Scheme is selected.
  5. Click OK.

    The Create Authentication Scheme page appears.

  6. Enter a name and a protection level.
  7. Select Anonymous Template from the Authentication Scheme Type list.
  8. Enter the DN of a user.
  9. Click Submit.

    The authentication scheme is saved and can be assigned to a realm.

3.0 Copyright

This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the "Documentation") is for your informational purposes only and is subject to change or withdrawal by CA at any time.

This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be disclosed by you or used for any purpose other than as may be permitted in (i) a separate agreement between you and CA governing your use of the CA software to which the Documentation relates; or (ii) a separate confidentiality agreement between you and CA.

Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy.

The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.

The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice.

The manufacturer of this Documentation is CA.

Provided with "Restricted Rights." Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.

Copyright © 2013 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Environment

Release:
Component: SMPLC

Attachments

1558721456128000048968_sktwi1f5rjvs16w2j.gif
1558535004580TEC585779.zip