When user comes with a valid SMSESSION, RiskEvaluation is never triggered
While working on the integration of CA Siteminder and CA Risk Authentication, we noticed that if a user moves from Application A, which is Siteminder protected, to Application B, which uses a Custom Auth Scheme (initiating Risk Evaluation), the user's risk is never evaluated, as the Custom Auth Scheme for Application B is not triggered.
The only workaround for this is to increase the Siteminder Auth Levels, which is not a great way to achieve this, as it hurts the end-user experience and makes the user enter his ID/password again.
We just want his Secondary Authentication to be triggered if it's set for a specific application.
There are 2 use cases in this scenario which are failing:
1. Application A (Siteminder Basic Auth Scheme)
   Application B (Custom Auth Scheme - Riskminder Profile)
   If a user logs in to A and moves to B, RiskEvaluation is not triggered.
2. Application A (Custom Auth Scheme - Riskminder Profile - 1)
   Application B (Custom Auth Scheme - Riskminder Profile - 2)
   If a user logs in to A and moves to B, the RiskEvaluation ruleset for Profile - 2 is never triggered.
This looks to be a serious issue and needs to be addressed in future releases.