Vaibhav Tripathi

August 12, 2012

Authentication and Authorization events in Siteminder

Authentication, Authorization Events and Rules in Siteminder

Authentication Events

Authentication events occur when a user accesses a resource protected by a rule that includes an On-Auth event. Unlike Web Agent actions or authorization events, authentication events always apply to the entire realm. We can’t create an On-Auth rule that applies to a portion of a realm.

Authentication events include the following:

  • On-Auth-Accept: Occurs if authentication was successful. This event may be used to redirect a user after a successful authentication.
  • On-Auth-Reject: Occurs if authentication failed for a user that is bound to a policy containing an On-Auth-Reject rule. This event may be used to redirect the user after a failed authentication.
  • On-Auth-Attempt: Occurs if the user was rejected because Siteminder does not know this user (an unregistered user, for example, can be redirected to register first).
  • On-Auth-Challenge: Occurs when custom challenge-response authentication schemes are activated (for example, a token code).

Authorization Events

Authorization events occur as Siteminder verifies whether a user is authorized to access a resource. As a rule action, an authorization event causes the Policy Server to fire a rule at a particular point in the authorization process.

Authorization events include the following:

  • On-Access-Accept: Occurs when Siteminder successfully authorizes a user to access the resource.
  • On-Access-Reject: Occurs when Siteminder rejects a user because the user is not authorized to access the resource.

The four rules that we configure are:

  1. Allow Access Rule: Get Post Action
  2. Auth Attempt Rule: On Auth Attempt Action
  3. Auth Reject Rule: On Auth Reject Action
  4. Access Reject Rule: On Access Reject Action

 

| Event | User Name / Password | Scenario |
|---|---|---|
| On Auth Accept | Correct / Correct | Used to redirect a user after a successful authentication. |
| On Auth Reject | Correct / Wrong | Used to redirect the user after a failed authentication. |
| On Auth Attempt | Wrong / Wrong | Occurs if the user was rejected because SiteMinder does not know this user (an unregistered user, for example, can be redirected to register first). |
| On Access Accept | The credentials provided exist in the User Group attached to the requested resource. | Used to redirect users who are authorized to access a resource. |
| On Access Reject | The credentials provided do not exist in the User Group attached to the requested resource. | Used to redirect users who are not authorized to access a resource. |
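The event flow and the four rules above, as a small Python model that also checks the realm-wide constraint on On-Auth rules. This is an added example, not SiteMinder code or the author's configuration; the rule resource patterns, the sample paths and all function names are assumptions, and policy bindings are ignored.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

AUTH_EVENTS = {"OnAuthAccept", "OnAuthReject", "OnAuthAttempt", "OnAuthChallenge"}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "Get,Post" or an event name
    resource: str  # pattern relative to the realm; "*" means the entire realm

# The four rules from the post; the "*" resource patterns are assumed.
RULES = [
    Rule("Allow Access Rule", "Get,Post", "*"),
    Rule("Auth Attempt Rule", "OnAuthAttempt", "*"),
    Rule("Auth Reject Rule", "OnAuthReject", "*"),
    Rule("Access Reject Rule", "OnAccessReject", "*"),
]

def lint(rules):
    """Names of On-Auth rules that try to cover only a portion of the realm."""
    return [r.name for r in rules if r.action in AUTH_EVENTS and r.resource != "*"]

def events_for(user_known, password_ok, in_user_group):
    """Events for one request, in the order they occur."""
    if not user_known:
        return ["OnAuthAttempt"]   # user is not known to the user store
    if not password_ok:
        return ["OnAuthReject"]    # known user, wrong password
    access = "OnAccessAccept" if in_user_group else "OnAccessReject"
    return ["OnAuthAccept", access]

def fired_rules(rules, path, user_known, password_ok, in_user_group):
    """Names of the event rules that fire for a request to `path` in the realm."""
    fired = []
    for event in events_for(user_known, password_ok, in_user_group):
        for r in rules:
            if r.action != event:
                continue
            # Authentication events are realm-wide; other rules use their filter.
            if event in AUTH_EVENTS or fnmatchcase(path, r.resource):
                fired.append(r.name)
    return fired
```

With the four rules as configured, a correct login by an authorized user fires no event rule at all, because no rule is bound to On-Auth-Accept or On-Access-Accept.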

 
