kumsa29

AA : Using confidence scores from Risk Analysis in CA SSO Authorization.

Blog Post created by kumsa29 Employee on May 9, 2018

A brief write up on this functionality

 

What is CONFIDENCE_LEVEL :

This is an inbuilt score which is set in CA SSO header (“SM_USER_CONFIDENCE_LEVEL”) after successful completion CA Advance authentication.

 

Where to use CONFIDENCE_LEVEL :

It should be used with CA SSO integration with CA advance Auth. You should use the SSO header “SM_USER_CONFIDENCE_LEVEL” in Authorization rule for the business logic that you want to force based on confidence level.

 

CA SSO header to hold CONFIDENCE_LEVEL:

SM_USER_CONFIDENCE_LEVEL

 

How CONFIDENCE_LEVEL is calculated:

CONFIDENCE_LEVEL = 1000 - riskScore*10;

SM_USER_CONFIDENCE_LEVEL = CONFIDENCE_LEVEL

 

How to enable CONFIDENCE_LEVEL to AA and SSO Integration:

  • Add the new parameter (SupportConfidenceLevel=TRUE) in adapterSiteminder.shim to integrate with SSO. This parameter enables authorization to the application. Incorporate it in the adapterSiteminder.shim file in the following section:

# "MultipleUserDirectoriesSupported" property specifies that multiple user directories
# are supported. If set to 1 multiple user directories will be supported, else not.
#
# Default value is 1.
MultipleUserDirectoriesSupported=1
SupportConfidenceLevel=TRUE

 Reference: https://docops.ca.com/ca-advanced-authentication/9-0/en/installing/ca-adapter-installation/verifying-adapter-integration

 

Troubleshooting Reference:

Outcomes