Queries on Login page

Article ID: 97563

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction



We're running a Web Agent, and we'd like to know:

1 - Is there a way to mask the login page, so as to have

 https://myserver.mydomain.com/myapp/login

 instead of :

 https://myserver.mydomain.com/myapp/login?TYPE=33554433&REALMOID=06-0001dc6e-bec9-1ae2-be6c-391c9970f051&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-uh4C3ALWNjC2oO6%2b15xYX4wgaVGuync6V%2bQw9kqx9qSJCqH9fIgjRmthAFFLXHi1&TARGET=-SM-https%3a%2f%2fmyserver%2emydomain%2ecom%2fmyapp%2faccess%2f

2 - For the same resource, is it possible to have 2 authentications,
    depending on the origin of the caller, internal or external?

3 - Can the Web Agent provide redirect pages in case of idle timeout and
    max timeout?

Environment

Release:
Component: SMAPC

Resolution

1 - You might create a custom login page that POSTs to login.fcc:

    Custom Login Page
    https://communities.ca.com/docs/DOC-231150607-custom-login-page

    but login.fcc itself must always remain accessible so that the
    request can be processed.

    Tech Tip : CA Single Sign-On :: Web Agent::How to restrict user
    from using login.fcc directly
    https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2018/02/14/tech-tip-ca-single-sign-on-web-agenthow-to-restrict-user-from-using-loginfcc-directly

2 - You might check the Global Delivery module:

    Authentication Using Login Sequence for CA Single Sign-On

    SiteMinder customers have expressed a desire to have the ability
    to automatically apply different authentication schemes to
    different groups of users; if the user fails to provide correct
    credentials for one authentication mechanism, automatically fail
    over to a different authentication mechanism; or combine multiple
    authentication mechanisms into a sequence that the user must
    successfully pass through to get authenticated.  The Login
    Sequence Authentication (SmLoginSequenceAuth) solution extends the
    functionality of SiteMinder’s standard authentication schemes in
    order to address the above requirements.

    CA Global Delivery Packaged Work Product Download Index
    https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-global-delivery-packaged-work-product-module-index.html?id=%7B3B2E2905-11AF-4479-B309-63F113CA5D57%7D?id=%7B3B2E2905-11AF-4479-B309-63F113CA5D57%7D#SSO

3 - You might be able to handle idle timeout and max timeout
    redirection with the Agent Configuration Object (ACO) parameters:

    IdleTimeoutURL
    MaxTimeoutURL
    
    Redirect a User after a Session Time-out
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/web-agent-configuration/session-protection/redirect-a-user-after-a-session-time-out
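
For item 1, a custom login page could look like the following. This is an added example, not code from CA or from the linked articles; the FCC path and the form field names (USER, PASSWORD, target) follow the stock login.fcc sample and are assumptions to check against your installed login.fcc.

```html
<!-- Added example, not CA's code. Served at /myapp/login, which is assumed
     to be unprotected so the browser reaches it with no query string. -->
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Sign in</title>
</head>
<body>
  <!-- Assumption: the FCC lives at the default /siteminderagent/forms/ path.
       It must stay reachable, because it is what validates the credentials. -->
  <form method="post" autocomplete="off"
        action="https://myserver.mydomain.com/siteminderagent/forms/login.fcc">
    <label for="user">User name</label>
    <input id="user" type="text" name="USER" required>

    <label for="password">Password</label>
    <input id="password" type="password" name="PASSWORD" required>

    <!-- Fixed by the page author rather than read from the URL: this is the
         TARGET from the question's long login URL, and hardcoding it means
         a crafted link cannot change where the user lands after login. -->
    <input type="hidden" name="target"
           value="https://myserver.mydomain.com/myapp/access/">

    <!-- The stock form also carries smagentname, smauthreason and
         smquerydata, which the agent fills in when it redirects. A static
         page has no such values, so they are left out here (assumption:
         your agent configuration accepts a POST without them). -->
    <button type="submit">Sign in</button>
  </form>
</body>
</html>
```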