Symantec Access Management

  • 1.  Custom authentication scheme

    Posted Nov 19, 2014 06:00 AM

    I am working on a SiteMinder Federation project. We have integrated all the applications with the Federation solution except one application. The customer's federation setup is configured as "Identity Provider".

    I am facing a challenge integrating with the ServiceNow application. The customer has Microsoft AD for internal users, whereas external users log on using the ServiceNow directory (the user repository is configured at ServiceNow). External users are stored in the ServiceNow user repository. The ServiceNow repository is a black box for SiteMinder.

    Internal user authentication happens properly, and users are able to connect to the ServiceNow application.

    Problem:

    For external users, authentication is required to happen using a Web Services call to ServiceNow. I would like to know how I should integrate external users with the CA SiteMinder Federation solution.

    All suggestions are welcome.




  • 2.  Re: Custom authentication scheme

    Posted Nov 19, 2014 11:12 AM

    Bhusan BhushanPurandare

    One possible approach to try:

    Scenario 1: Assuming SiteMinder Federation Services is being used on the IdP side and on the SP side (ServiceNow is the SP).

    On the IdP side

    Create 2 different Partnerships or AffiliateDomains (Legacy Federation) on the IdP side, i.e. ServiceNow_Internal and ServiceNow_External.

    Caution: if using the same IdP ID for both, the SP ID needs to be different/unique. The challenge might be reusing the same IdP ID on the SP side. Otherwise use a different IdP ID.

    On the SP side

    For SSO with IdP ServiceNow_Internal traffic incoming into ServiceNow, create a partnership or SAML Auth Scheme (Legacy Federation) with AD as the user store.

    For SSO with IdP ServiceNow_External traffic incoming into ServiceNow, create a partnership or SAML Auth Scheme (Legacy Federation) with a Custom Directory as the user store; you may need to develop a "Message Consumer Plugin" on top of it.

    NOTE: For a Custom Directory, one may need to write a DLL if tinkering with registry settings is not sufficient.

    Scenario 2: Assuming SiteMinder Federation Services is being used on the IdP side, and on the SP side (ServiceNow is the SP) some other SAML-compliant toolkit is being used.

    On the IdP side

    Create 2 different Partnerships or AffiliateDomains (Legacy Federation) on the IdP side, i.e. ServiceNow_Internal and ServiceNow_External.

    Caution: if using the same IdP ID for both, the SP ID needs to be different/unique. The challenge might be reusing the same IdP ID on the SP side. Otherwise use a different IdP ID.

    On the SP side

    We need to investigate how the toolkit could be configured to support the external black-box DB.

    Regards,

    Hubert
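    The two-partnership design in Scenario 1 above, modelled as an added example (this is not SiteMinder code, not a CA/Symantec SDK plugin, and not from either poster): one IdP entity ID shared by two partnerships, each partnership keyed by its own unique SP ID and bound to its own credential check (an AD lookup for ServiceNow_Internal, a web-service call to ServiceNow for ServiceNow_External), and an SP-side consumer per partnership that accepts only assertions addressed to its SP ID and resolves the subject in its own user store. The entity IDs, user names, passwords, in-memory "directories" and the minimal SAML 2.0 XML are all constructed for the example; the web-service call is a stub standing in for the real ServiceNow API, and the assertion is unsigned, which a real deployment must not do. The point the reply's caution makes, that reusing an SP ID would make the two partnerships indistinguishable on an incoming AuthnRequest, is enforced by refusing the duplicate.

```python
"""Added example: model of an IdP with two partnerships that share one IdP
entity ID but use different SP IDs and different user stores.  Not SiteMinder
code; every identifier, credential and XML fragment below is constructed."""
import hmac
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
IDP_ID = "https://idp.example.com/saml"           # assumed IdP entity ID, shared by both partnerships
SP_INTERNAL_ID = "https://servicenow.example/internal"   # assumed, unique per partnership
SP_EXTERNAL_ID = "https://servicenow.example/external"   # assumed, unique per partnership

# Constructed credential stores (plaintext only so the example runs offline).
AD_USERS = {"alice": "Winter2014!"}                        # stands in for Microsoft AD
SERVICENOW_USERS = {"bob@partner.example": "Partner#1"}    # the black box behind ServiceNow's API


def ad_authenticate(user: str, password: str) -> bool:
    """Stand-in for the AD bind used by the ServiceNow_Internal partnership."""
    return hmac.compare_digest(AD_USERS.get(user, ""), password)


def servicenow_ws_authenticate(user: str, password: str) -> bool:
    """Stand-in for the web-services call to ServiceNow (hypothetical API, not a real endpoint)."""
    return hmac.compare_digest(SERVICENOW_USERS.get(user, ""), password)


@dataclass(frozen=True)
class Partnership:
    name: str
    sp_id: str                                   # the reply's caveat: must be unique
    authenticate: Callable[[str, str], bool]     # the partnership's own user store


class IdP:
    def __init__(self, idp_id: str):
        self.idp_id = idp_id
        self._by_sp_id: Dict[str, Partnership] = {}

    def add_partnership(self, p: Partnership) -> None:
        # Same IdP ID plus same SP ID would leave no way to tell the two apart
        # from an AuthnRequest's Issuer, so refuse instead of silently overwriting.
        if p.sp_id in self._by_sp_id:
            raise ValueError(f"SP ID {p.sp_id!r} already used by {self._by_sp_id[p.sp_id].name!r}")
        self._by_sp_id[p.sp_id] = p

    def route(self, authn_request_xml: str) -> Partnership:
        """Pick the partnership from the AuthnRequest's <saml:Issuer> (the SP ID)."""
        root = ET.fromstring(authn_request_xml)
        if root.tag != f"{{{SAMLP}}}AuthnRequest":
            raise ValueError("not a SAML 2.0 AuthnRequest")
        issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
        if issuer not in self._by_sp_id:
            raise ValueError(f"unknown SP issuer {issuer!r}")
        return self._by_sp_id[issuer]

    def sso(self, authn_request_xml: str, user: str, password: str) -> Optional[str]:
        """Authenticate against the routed partnership's store; None on failure."""
        p = self.route(authn_request_xml)
        if not p.authenticate(user, password):
            return None
        return build_assertion(self.idp_id, p.sp_id, user)


def authn_request(sp_id: str) -> str:
    """Constructed minimal AuthnRequest as the SP with entity ID sp_id would send it."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" '
            f'Version="2.0" IssueInstant="2014-11-19T06:00:00Z"><saml:Issuer>{sp_id}'
            f'</saml:Issuer></samlp:AuthnRequest>')


def build_assertion(idp_id: str, sp_id: str, subject: str) -> str:
    """Unsigned assertion restricted to the one SP ID (a real IdP signs this)."""
    a = ET.Element(f"{{{SAML}}}Assertion", {"Version": "2.0", "ID": "_a1"})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = idp_id
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = subject
    ar = ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Conditions"), f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(ar, f"{{{SAML}}}Audience").text = sp_id
    return ET.tostring(a, encoding="unicode")


class SP:
    """SP side: one auth scheme per partnership, each bound to its own user store."""
    def __init__(self, sp_id: str, idp_id: str, user_store: Set[str]):
        self.sp_id, self.idp_id, self.user_store = sp_id, idp_id, user_store

    def consume(self, assertion_xml: str) -> str:
        a = ET.fromstring(assertion_xml)
        if a.findtext(f"{{{SAML}}}Issuer") != self.idp_id:
            raise ValueError("unexpected issuer")
        if self.sp_id not in [e.text for e in a.iter(f"{{{SAML}}}Audience")]:
            raise ValueError("assertion not addressed to this SP ID")
        name = a.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
        if name not in self.user_store:
            raise ValueError("subject not found in this partnership's user store")
        return name


def run_demo() -> Dict[str, Optional[str]]:
    idp = IdP(IDP_ID)
    idp.add_partnership(Partnership("ServiceNow_Internal", SP_INTERNAL_ID, ad_authenticate))
    idp.add_partnership(Partnership("ServiceNow_External", SP_EXTERNAL_ID, servicenow_ws_authenticate))
    sp_int = SP(SP_INTERNAL_ID, IDP_ID, set(AD_USERS))
    sp_ext = SP(SP_EXTERNAL_ID, IDP_ID, set(SERVICENOW_USERS))
    r: Dict[str, Optional[str]] = {}
    r["internal"] = sp_int.consume(idp.sso(authn_request(SP_INTERNAL_ID), "alice", "Winter2014!"))
    ext = idp.sso(authn_request(SP_EXTERNAL_ID), "bob@partner.example", "Partner#1")
    r["external"] = sp_ext.consume(ext)
    r["external_bad_pw"] = idp.sso(authn_request(SP_EXTERNAL_ID), "bob@partner.example", "nope")
    try:                       # external assertion must not be honoured by the AD-backed scheme
        sp_int.consume(ext); r["cross_audience"] = "accepted"
    except ValueError:
        r["cross_audience"] = "rejected"
    try:                       # the reply's caveat: a second partnership reusing an SP ID
        idp.add_partnership(Partnership("Dup", SP_EXTERNAL_ID, ad_authenticate)); r["dup_sp_id"] = "accepted"
    except ValueError:
        r["dup_sp_id"] = "rejected"
    return r


if __name__ == "__main__":
    print(run_demo())
```

    Routing on the AuthnRequest Issuer is what makes the SP ID uniqueness matter: with a shared IdP ID the Issuer is the only field that distinguishes ServiceNow_Internal from ServiceNow_External, so it decides which user store gets the credentials. The audience check on the SP side is the matching control in the other direction, so an assertion minted for the external partnership cannot be replayed against the AD-backed scheme.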