AnsweredAssumed Answered

CA SSO Re-Authenticate on Sensitive Data/ Resource

Question asked by PrateekAg on May 3, 2018
Latest reply on May 10, 2018 by Hubert Dennis

Hi All,

 

I was just going through below documentation How to Require Re-authentication for Sensitive Resources - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation , but unable to use this functionality as stated.

 

Below are my configurations:

 

1) Protected Realm as "webagent/test" 

2) Created a policy as "test policy"

3) Under this policy, created a rule as "test GET/ POST" marking the sensitive data as "webagent/test/transfer.html", marking action as only GET & POST.

4) Under this policy, created another rule as "test onAccessValidateIdentity" marking the same sensitive data as "webagent/test/transfer.html", marking action (Authorization events as onAccessValidateIdentity) 
5) Added a response as HTTP-Validate-Redirect for test onAccessValidateIdentity with value of the custom relogin.fcc

6) Restarted the Policy Server.


But when I try to access either webagent/test or webagent/test/transfer.html both are redirecting me to the Protected Realms - Authentication scheme location i.e. login.fcc, once I give correct credentials, it is giving me access for both test and test/transfer.html 

Need help, on how to actually do a re-auth on sensitive data.

 

WE ARE ONLY DOING AUTHENTICATION from CA SSO, have disabled Authorization and FCCCombat.

Outcomes