Symantec Access Management

  • 1.  Does anonymous authentication scheme add any security ?

    Posted Mar 08, 2017 06:46 PM

    Hi, does the anonymous authentication scheme add any security to a website with all public/unprotected pages? All pages on our new portal are public, where users do not have to authenticate with username & password but can do transactions after they answer a few questions about their account details present in our database.

    I would have thought that Single sign on can provide security with Device DNA and session linker technology even if the user does not have to log in? Is this a valid requirement to use Siteminder?

    Thanks in advance



  • 2.  Re: Does anonymous authentication scheme add any security ?
    Best Answer

    Posted Mar 08, 2017 07:30 PM

    Anonymous authentication is NOT a limiting factor for using Enhanced Session Assurance with DeviceDNA functionality.
    So, even if you are using anonymous authentication, it should be providing you the needed security of not being able to hijack the session cookie and replay it in another session, if that is what you are after.

     

    It is able to do so because the list of data elements that it captures for DeviceDNA is quite extensive, including elements like system, hardware, browser, plugins, etc.

     

    How to Configure Enhanced Session Assurance with DeviceDNA™ - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentat… 
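
A minimal illustration of the idea in the answer above: an anonymous session cookie bound to a device fingerprint, so that the same cookie presented from a different device fails validation. This is an added example, not CA/Symantec code and not how DeviceDNA is implemented; the attribute names, the helper functions and the HMAC binding are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import secrets
import uuid

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side secret

def new_anonymous_session() -> str:
    """Anonymous users carry no identity, only a random session GUID."""
    return uuid.uuid4().hex

def fingerprint(attrs: dict) -> str:
    """Hash a canonical (key-sorted) encoding of the collected attributes."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def _tag(session_id: str, attrs: dict) -> str:
    msg = f"{session_id}|{fingerprint(attrs)}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_cookie(session_id: str, attrs: dict) -> str:
    """Cookie value is 'session_id.tag'; the tag covers the fingerprint."""
    return f"{session_id}.{_tag(session_id, attrs)}"

def validate(cookie: str, attrs: dict) -> bool:
    """Accept the cookie only if it was issued for these device attributes."""
    try:
        session_id, tag = cookie.rsplit(".", 1)
    except ValueError:  # malformed cookie with no tag
        return False
    return hmac.compare_digest(tag, _tag(session_id, attrs))

# Constructed sample attributes (not real DeviceDNA fields).
ORIGINAL_DEVICE = {"system": "Windows 10", "hardware": "8 cores",
                   "browser": "Firefox 52", "plugins": ["pdf", "flash"]}
OTHER_DEVICE = {"system": "Linux", "hardware": "4 cores",
                "browser": "Chrome 56", "plugins": []}

if __name__ == "__main__":
    cookie = issue_cookie(new_anonymous_session(), ORIGINAL_DEVICE)
    print("same device: ", validate(cookie, ORIGINAL_DEVICE))
    print("other device:", validate(cookie, OTHER_DEVICE))
```
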



  • 3.  Re: Does anonymous authentication scheme add any security ?

    Posted Mar 09, 2017 02:12 AM

    Many thanks Ujwol. The documentation of the anonymous authentication scheme mentions that a guest DN (distinguished name) is required. We don't have any personalised content for anonymous users. Do we still need a guest DN in the user store? In fact, for the first phase we have all users accessing the site anonymously, so we would like to avoid setting up a user store (as there are no user details to be stored).

    Is there any documentation about what guest DN attributes are required to be set up for anonymous authentication?

    Thanks



  • 4.  Re: Does anonymous authentication scheme add any security ?

    Posted Mar 09, 2017 10:07 AM

    Hello,

     

    You can check the following documentation:

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/authentication-schemes/anonymous-authentication-schemes

     

    Especially:

     

    Anonymous Scheme Prerequisites

    Verify that the following prerequisites are met before configuring an anonymous authentication scheme:

    • A guest DN for anonymous user exists in a user directory.
    • A directory connection exists between the Policy Server and the user directory.
    • To track users according to GUIDs assigned by Anonymous authentication, enable user tracking on the Global Settings pane of the Administrative UI.

     

    Regarding the user attributes, you would need to configure the UID, Disabled Flag and Password fields in the User directory. I saw some issue with anonymous auth scheme if the disabled flag is not configured.

     

    Hope it helps,

    Julien.