Symantec Access Management

  • 1.  Ldap and OTP

    Posted Aug 04, 2016 03:55 AM

    Hi,

    Can I have CA Advanced Authentication handle the LDAP and OTP authentication, have SiteMinder handle the access management part, and further have SPS handle the SAML part? Is this possible without any customization?



  • 2.  Re: Ldap and OTP

    Broadcom Employee
    Posted Aug 04, 2016 10:03 PM

    Hi Sandeep,

     

    I assume the 'OTP' you mentioned above is the Arcot OTP instead of Email OTP or SMS OTP, as OOTB Arcot AFM doesn't support using Email/SMS OTP as a primary authentication mechanism.


    If it's LDAP or Arcot OTP, then the requirement can be fulfilled without customization. You just need to use the Arcot Authentication Schema to protect the SiteMinder IdP authentication URL (redirect.jsp).

     

    Regards,

     

    Yong Li



  • 3.  Re: Ldap and OTP

    Posted Aug 05, 2016 01:25 AM

    Thank You Yong.

     

    Do you mean I can have LDAP as primary authentication and Arcot OTP as secondary authentication? Do I have to create two different profiles in AFM?

     

    Profile 1> Integration Type: SiteMinder
               Primary Authentication: LDAP
               WebFort Org Name: <the org name which has Ldap mapped to it>

    Profile 2> Integration Type: SiteMinder
               Primary Authentication: ArcotOTP on Mobile Device or ArcotOTP on Browser
               WebFort Org Name: <the org name which has Ldap mapped to it>

     

    Do I have to have CA Risk Authentication too (I will install and use it only if needed to achieve my use case)? When I select LDAP as primary authentication, I am asked to provide Risk Authentication Server details too.

     

    Thanks,

    Sandeep Roy



  • 4.  Re: Ldap and OTP

    Posted Aug 09, 2016 04:45 AM

    Hello,

     

    Did you get a chance to check this?

     

    Thanks,

    Sandeep



  • 5.  Re: Ldap and OTP
    Best Answer

    Broadcom Employee
    Posted Aug 11, 2016 10:41 PM

    Hi Sandeep,


    Sorry, I was unable to follow up on this thread in a timely manner.

     

    Re: Do you mean I can have LDAP as primary authentication and Arcot OTP as secondary authentication?
    Yong: Yes, you can have this combination.

     

    Re: Do I have to create two different profiles in AFM?
    Yong: No, this should be tied to a single profile on AFM.

     

    Re: Do I have to have CA Risk Authentication too (I will install and use it only if needed to achieve my use case)?
    Yong: With OOTB AFM, the answer comes with conditions:
         Yes, if you use LDAP username/password for Primary Authentication
         No, if you use ArcotID or ArcotOTP for Primary Authentication

     

    Thanks,

     

    Yong