We have a client requirement wherein we need to protect a desktop based application(.exe developed using .Net) using CA SiteMinder. Currently, they are using some internal code for generating the security token which is being stored in database. This token is then passed to webservice which user tries to access and the validation done against the database.
Since this Security token code is vulnerable for security attacks they want it to be replaced with CA SiteMinder SMSESSION.
I checked with them and I don't see any webserver in place at their where we can install the SIteMinder webagent to generate SMSESSION.
Can you please advise what approach we need to follow to address this requirement with or without webserver in place? Also, we need to achive the IWA in this.
I appreciate your quick help in this.