A brief write-up on this functionality
What is CONFIDENCE_LEVEL:
This is a built-in score that is set in the CA SSO header ("SM_USER_CONFIDENCE_LEVEL") after successful completion of CA Advanced Authentication.
Where to use CONFIDENCE_LEVEL:
It should be used when CA SSO is integrated with CA Advanced Authentication. Use the SSO header "SM_USER_CONFIDENCE_LEVEL" in an authorization rule for the business logic that you want to enforce based on the confidence level.
CA SSO header to hold CONFIDENCE_LEVEL:
How CONFIDENCE_LEVEL is calculated:
CONFIDENCE_LEVEL = 1000 - riskScore*10;
SM_USER_CONFIDENCE_LEVEL = CONFIDENCE_LEVEL
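The formula above applied to an access decision, as an added example that is not part of the original write-up or of any CA product code. It assumes riskScore lies in 0-100, that the header value reaches the checking code unchanged, and that the path prefixes and minimum levels are hypothetical.

```python
# Added example: threshold check on SM_USER_CONFIDENCE_LEVEL.
# Assumptions (not from the write-up): riskScore is 0-100, so the level is
# 0-1000; the per-path minimums below are hypothetical policy values.

HEADER = "SM_USER_CONFIDENCE_LEVEL"

# Hypothetical policy: minimum confidence required per path prefix.
MIN_CONFIDENCE = {
    "/payments/": 800,  # same as requiring riskScore <= 20
    "/profile/": 500,   # same as requiring riskScore <= 50
    "/": 0,
}


def confidence_from_risk(risk_score):
    """CONFIDENCE_LEVEL = 1000 - riskScore*10, as given in the write-up."""
    return 1000 - risk_score * 10


def parse_confidence(headers):
    """Return the level as an int, or None if it is absent or malformed."""
    raw = headers.get(HEADER)
    if raw is None:
        return None
    raw = raw.strip()
    if not (raw.isascii() and raw.isdigit()):
        return None
    value = int(raw)
    return value if 0 <= value <= 1000 else None


def required_confidence(path):
    """Longest matching prefix wins; an unmatched path can never pass."""
    matches = [p for p in MIN_CONFIDENCE if path.startswith(p)]
    return MIN_CONFIDENCE[max(matches, key=len)] if matches else 1001


def decide(headers, path):
    """Return 'allow', 'reauthenticate' or 'deny' (fails closed)."""
    level = parse_confidence(headers)
    if level is None:
        return "deny"  # missing or malformed header: do not guess a level
    if level >= required_confidence(path):
        return "allow"
    return "reauthenticate"  # level too low for this resource
```

A missing, non-numeric or out-of-range value is denied rather than treated as a low score, so a stripped or altered header cannot be read as a valid level.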
How to enable CONFIDENCE_LEVEL for the AA and SSO integration:
- Add the new parameter (SupportConfidenceLevel=TRUE) in adapterSiteminder.shim to integrate with SSO. This parameter enables authorization to the application. Incorporate it in the adapterSiteminder.shim file in the following section:
# "MultipleUserDirectoriesSupported" property specifies that multiple user directories
# are supported. If set to 1 multiple user directories will be supported, else not.
# Default value is 1.
An authorization policy can also be configured for re-authentication using the "OnAccessValidateIdentity" event.
Check the following configuration in the CA AA documentation:
AA Document Home -> Configuring Policy Server -> Configuration Policy Overview -> Configure Re-authentication for Sensitive Resources