Authorization based on condition verified post authentication

We are in the process of implementing a system where, post authentication, the user is verified with an OTP for each new session. We want to restrict user access to the application (except for the OTP verification page) until SiteMinder gets confirmation of OTP verification from the application. Please note that OTP generation and validation are handled by the application.

We know SiteMinder does not intercept any POST data from the application except the one directly posted to .fcc files (login.fcc/smpwservices.fcc etc.), from Ujwol on the discussion "Pass form variable from jsp to Siteminder".

We want to explore a possible OOTB SiteMinder solution that can be implemented, where the application can provide some trigger based on which SiteMinder provides access to resources. This access should be valid for a single session and should be revoked once the session ends.


Sachin Hegde