Siteminder user login restrictions

Idea created by AtulS on Jan 30, 2015
    Not planned
    Score1
    • AtulS

    Platform Details:

     

    What is the policy server version ? SP ? CR ?[Sharma Atul]   12.52.100.499

    > What is the OS ?[Sharma Atul]  Linux 2.6.32-431.20.3.el6.x86_64

    > What is your Policy Store vendor ?[Sharma Atul]  7.1 SQL Server

    > What is your User Directory vendor ?[Sharma Atul]  Microsoft AD 2008

    > What is the WebAgent version ? SP ? CR ?[Sharma Atul]  SiteMinder APACHE 2.2 WebAgent, Version 12.0 QMR03

    > What is the WebServer version ?[Sharma Atul] Linux 2.6.32-431.20.3.el6.x86_64

    > What is the OS of the WebServer ?[Sharma Atul]  Linux

     

    CA Support Ticket:

     

    Refer CA Support Request 00009118 - Siteminder restrictions for more details.

     

    Problem Statement

     

    Recently received a request from to define the user limitation based on these conditions:

     

    (Max x login per day) &&(Minimum y minutes between login).

     

    1. Although the restriction based on time and IP could have been easy J but for this one we might have to work with active policy using dynamic authorization based on the above logic.

     

    I saw Sm_PolicyApi_Policy_t also, but this again talks about the time grid array where we can restrict the policy to be fired on specified time :

    1. e.g.        To restrict the policy from being fired from 8 AM to 10AM on Tuesday,

    turn off the Tuesday bit in hours 8 AM and 9 AM: 7F7F7F7F7F7F7F7F7C7C7F7F7F7F7F7F7F7F7F7F7F7F7F7F

     

    We need to device a method which can count the AzAccept for a particular user in a day and then restrict the access based on count of AzAccepts happening.

     

    Please share if you have any suggestions.

     

    Thanks in advance.

     

    Best Regards,

    Atul Sharma