Authentication and Authorization events in Siteminder

Authentication, Authorization Events and Rules in Siteminder

Authentication Events

Authentication events occur when a user accesses a resource protected by a rule that includes an On-Auth event. Unlike Web Agent actions or authorization events, authentication events always apply to the entire realm. We can’t create an On-Auth rule that applies to a portion of a realm.

Authentication events include the following:

  • On-Auth-Accept: Occurs if authentication was successful. This event may be used to redirect a user after a successful authentication.
  • On-Auth-Reject: Occurs if authentication failed for a user that is bound to a policy containing an On-Auth-Reject rule. This event may be used to redirect the user after a failed authentication.
  • On-Auth-Attempt: Occurs if the user was rejected because Siteminder does not know this user (an unregistered user, for example, can be redirected to register first).
  • On-Auth-Challenge: Occurs when custom challenge-response authentication schemes are activated (for example, a token code).

Authorization Events

Authorization events occur as Siteminder verifies whether or not a user is authorized to access a resource. As a rule action, an authorization event causes the Policy Server to fire a rule at a particular point in the authorization process.

Authorization events include the following:

  • On-Access-Accept: Occurs when Siteminder successfully authorizes a user to access the resource.
  • On-Access-Reject: Occurs when Siteminder rejects a user because the user is not authorized to access the resource.

The four rules that we configure are:

  1. Allow Access Rule: Get Post Action
  2. Auth Attempt Rule: On Auth Attempt Action
  3. Auth Reject Rule: On Auth Reject Action
  4. Access Reject Rule: On Access Reject Action

 

| Event | User Name / Password | Scenario |
|---|---|---|
| On Auth Accept | Correct / Correct | Used to redirect a user after a successful authentication. |
| On Auth Reject | Correct / Wrong | Used to redirect the user after a failed authentication. |
| On Auth Attempt | Wrong / Wrong | Occurs if the user was rejected because SiteMinder does not know this user (an unregistered user, for example, can be redirected to register first). |
| On Access Accept | The credentials provided exist in the User Group attached to the requested resource. | Used to redirect users who are authorized to access a resource. |
| On Access Reject | The credentials provided do not exist in the User Group attached to the requested resource. | Used to redirect users who are not authorized to access a resource. |
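The event flow summarized in the table above, modeled as an added Python example (not code from the original post and not SiteMinder's own logic). The user store, group membership and redirect targets are constructed sample values; the last function flags a configuration where On-Auth-Attempt and On-Auth-Reject redirect to different pages, because that difference shows anyone watching a failed login whether the user name is registered.

```python
import hmac

# Constructed sample data: a user store and the group bound to the realm's policy.
USERS = {"alice": "s3cret", "bob": "hunter2"}
POLICY_GROUP = {"alice"}

# Hypothetical redirect responses attached to the three reject/attempt rules.
RESPONSES = {
    "On-Auth-Attempt": "/register",
    "On-Auth-Reject": "/login-failed",
    "On-Access-Reject": "/not-authorized",
}


def evaluate(username, password, action="GET"):
    """Return the ordered events fired for one request, following the table."""
    if username not in USERS:
        return ["On-Auth-Attempt"]          # user is unknown to the user store
    if not hmac.compare_digest(USERS[username].encode(), password.encode()):
        return ["On-Auth-Reject"]           # known user, wrong password
    events = ["On-Auth-Accept"]             # authentication applies realm-wide
    # Allow Access Rule: only Get/Post actions, only for members of the group.
    if username in POLICY_GROUP and action in ("GET", "POST"):
        events.append("On-Access-Accept")
    else:
        events.append("On-Access-Reject")
    return events


def redirect_for(events, responses=RESPONSES):
    """Return the redirect of the last event that has one, or None to serve the resource."""
    for event in reversed(events):
        if event in responses:
            return responses[event]
    return None


def distinguishes_unknown_users(responses):
    """True if unknown-user and wrong-password failures land on different pages."""
    return responses.get("On-Auth-Attempt") != responses.get("On-Auth-Reject")


if __name__ == "__main__":
    for user, pw in [("mallory", "x"), ("alice", "bad"), ("alice", "s3cret"), ("bob", "hunter2")]:
        fired = evaluate(user, pw)
        print(f"{user:8} {fired} -> {redirect_for(fired)}")
    print("failure pages reveal valid user names:", distinguishes_unknown_users(RESPONSES))
```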

 

3 Responses to “Authentication and Authorization events in Siteminder”

  1. July 3, 2014 at 5:42 PM #

    You’re so interesting! I do not believe I’ve read a single
    thing like that before. So great to discover someone with a few unique thoughts on this topic.
    Seriously.. many thanks for starting this up. This web site
    is one thing that is needed on the internet, someone with some originality!

    • July 7, 2014 at 11:09 AM #

      Thanks Loretta. Hope you enjoyed reading it!!

      • Jonnalagadda S
        January 18, 2017 at 6:39 PM #

        Hi Vaibhav,

        Nice article. Can you also provide some articles on CA Identity Manager?

        Regards,
        Srini
