We are exploring a two-factor authentication solution with SiteMinder functionality. Here is the complete user experience we are trying to set up through a SiteMinder authentication scheme (X.509 Certificate with Basic Form).
1F = 1st Factor = X.509 Certificate (Have Factor)
2F = 2nd Factor = SSO Credentials (Known Factor: User ID and Password through LDAP or AD)
User Experience:
1) SiteMinder should challenge both factors the first time a user tries to access the above two-factor protected resources. As a first step, the user should be authenticated using 1F (X.509 based), and then the user will authenticate using 2F (form-based credentials).
2) Once the user is authenticated successfully, SiteMinder should issue the following two tokens:
1Token = SM1 = Valid for 15 mins (Session Token)
2Token = SM2 = Valid for 10 days (Persistent Token)
3) So for any subsequent requests, the user should only be challenged for the 1st factor, or be authenticated seamlessly, until 2Token expires (SM2 is valid for 10 days).
I would appreciate it if someone could highlight or share a solution on how to achieve this functionality through SiteMinder.
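
The challenge logic described in steps 1 to 3, modelled as an added example that is not part of the original post and is not SiteMinder configuration or API code. The token layout, the HMAC key, the certificate-fingerprint binding and all function names are assumptions made for illustration; only the SM1/SM2 names and lifetimes come from the post.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: server-side secret, constructed here
TTL = {"SM1": 15 * 60,           # session token: 15 minutes (from the post)
       "SM2": 10 * 24 * 3600}    # persistent token: 10 days (from the post)


def issue(kind, user, cert_fp, now):
    """Build 'kind|user|cert_fp|expiry|mac'; the MAC covers every field."""
    body = f"{kind}|{user}|{cert_fp}|{int(now) + TTL[kind]}"
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def check(token, kind, now, cert_fp=None):
    """Return the user if the token is authentic, of this kind and unexpired.

    When cert_fp is given, the token must also be bound to that certificate.
    """
    if not token:
        return None
    body, _, mac = token.rpartition("|")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return None
    parts = body.split("|")
    if len(parts) != 4 or parts[0] != kind or now >= int(parts[3]):
        return None
    if cert_fp is not None and parts[2] != cert_fp:
        return None
    return parts[1]


def required_challenges(sm1, sm2, now):
    """Factors to challenge before this request is served."""
    if check(sm1, "SM1", now):
        return []               # live session: no challenge
    if check(sm2, "SM2", now):
        return ["1F"]           # session expired: certificate only
    return ["1F", "2F"]         # first visit or SM2 expired: both factors


def renew_session(sm2, cert_fp, now):
    """After a 1F-only challenge, mint a new SM1 if the cert matches SM2."""
    user = check(sm2, "SM2", now, cert_fp)
    return issue("SM1", user, cert_fp, now) if user else None
```

Binding SM2 to the certificate that was presented when both factors were completed means a copied persistent token cannot be used to skip the password step with a different certificate.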