Two factor authentication for SiteMinder

Introduction

The LoginTC SiteMinder Connector is a complete multi-factor authentication solution for CA SiteMinder. The LoginTC SiteMinder Connector features a SiteMinder authentication scheme that adds additional layers of security to your existing SiteMinder deployments with minimal effort.

Prerequisites

Before proceeding, please ensure you have the following:

  • LoginTC Admin account (or on-premise deployment)
  • SiteMinder r12.x Policy Server
  • SiteMinder Web Agent and HTTP Server
  • LoginTC SiteMinder Connector package: logintc-siteminder-connector-x.x.x.zip

Enterprise subscription required

Please contact our sales team for trial access to the LoginTC SiteMinder Connector.

SiteMinder Domain Creation

If you have already created a LoginTC domain for your LoginTC SiteMinder Connector, then you may skip this section and proceed to Installation.

  1. Log in to LoginTC Admin
  2. Click Domains
  3. Click Add Domain
  4. Enter a name and optionally pick an icon
  5. Scroll down and click Create

Use Default Domain Settings

Domain settings can be modified at any time by navigating to Domains > Your Domain > Settings.

Installation

The following instructions will guide you in installing the LoginTC SiteMinder Connector on your SiteMinder Policy Server.

  1. Acquire the LoginTC SiteMinder Connector package if you haven’t already
  2. Unzip the LoginTC SiteMinder Connector package. The package will contain the following components:
    • LoginTCAuthScheme.jar: The LoginTC SiteMinder authentication scheme
    • form/: A directory with a sample web forms credential collector (FCC)

Authentication Scheme

The following steps will guide you in installing the LoginTC SiteMinder authentication scheme on your SiteMinder Policy Server:

  1. Upload LoginTCAuthScheme.jar to your SiteMinder Policy Server host (e.g. to /path/to/siteminder/bin)
  2. Open your Policy Server’s JVMOptions.txt file (located in /path/to/siteminder/config) and add LoginTCAuthScheme.jar to java.class.path, separating entries with a colon (:). The line should then look similar to:

    -Djava.class.path=/opt/ca/siteminder/config/properties:/opt/ca/siteminder/bin/jars/smbootstrap.jar:/opt/ca/siteminder/bin/LoginTCAuthScheme.jar
  3. Restart your SiteMinder Policy Server

Login Form

This optional installation step will provide you with a LoginTC-branded web login form for your SiteMinder Web Agent. You may skip this section if your organization already has a web login form.

  1. Upload the contents of the form/ directory to the host(s) where your HTTP server and SiteMinder Web Agents are running
  2. Ensure that the contents of the form/ directory can be viewed by unauthenticated users, since the login form must load before any user has authenticated

Configuration

This section will guide you through the process of registering and adding the LoginTC authentication scheme to your realm.

Registering LoginTC Authentication Scheme

The following steps will register the LoginTC authentication scheme and make it available for your realms.

  1. Log in to the SiteMinder Administrative UI
  2. Click on the Infrastructure tab and then the Authentication tab
  3. Click on Authentication Schemes
  4. Click Create Authentication Scheme
  5. Select the “Create a new object of type Authentication Scheme” option and press the OK button
  6. Select Custom Template in the Authentication Scheme Type field
  7. Fill in the form with the following values:

    Name:            LoginTC
    Description:     LoginTC multi-factor authentication
    Library:         smjavaapi
    Secret:          Your 64-character LoginTC Admin organization API key
    Confirm Secret:  Your 64-character LoginTC Admin organization API key
    Parameter:       com.cyphercor.logintc.siteminder.LoginTCAuthScheme <parameter>

    where <parameter> is the following seven values, in this order, concatenated by commas:

    Position  Field               Example
    1         Protocol            https
    2         LoginTC Admin Host  cloud.logintc.com
    3         LoginTC Admin Port  443
    4         Domain ID           2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
    5         Timeout (s)         60
    6         Path to web form    /logintc.fcc
    7         Debug Mode          true

    For example, replace <parameter> with:

    https,cloud.logintc.com,443,2fd4e1c67a2d28fced849ee1bb76e7391b93eb12,60,/logintc.fcc,true

  8. Click the Submit button
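The Parameter value above is a positional, comma-separated string that the Administrative UI does not check for you. As an added helper (not part of the connector or of this guide), the following builds that value from named fields, applies sanity checks inferred from the table, and parses an existing value back so it can be reviewed; the 40-hex-character shape of the Domain ID, the accepted protocols http/https and the value false for Debug Mode are assumptions taken from the examples above.

```python
import re
from dataclasses import dataclass
SCHEME_CLASS = "com.cyphercor.logintc.siteminder.LoginTCAuthScheme"

@dataclass(frozen=True)
class LoginTCParams:
    protocol: str    # position 1
    host: str        # position 2: LoginTC Admin host
    port: int        # position 3
    domain_id: str   # position 4
    timeout_s: int   # position 5
    form_path: str   # position 6: path to the web form (FCC)
    debug: bool      # position 7

def build_parameter(p: LoginTCParams) -> str:
    """Render the Parameter field: scheme class, one space, seven comma-joined values."""
    checks = [  # sanity checks are this example's own, inferred from the table
        (p.protocol in ("http", "https"), "protocol must be http or https"),
        (re.fullmatch(r"[A-Za-z0-9.-]+", p.host), "host must be a bare hostname"),
        (1 <= p.port <= 65535, "port out of range"),
        (re.fullmatch(r"[0-9a-f]{40}", p.domain_id), "domain ID is not 40 hex chars"),
        (p.timeout_s > 0, "timeout must be a positive number of seconds"),
        (p.form_path.startswith("/") and "," not in p.form_path,
         "form path must be absolute and contain no comma (the separator)"),
    ]
    problems = [msg for ok, msg in checks if not ok]
    if problems:
        raise ValueError("; ".join(problems))
    values = (p.protocol, p.host, str(p.port), p.domain_id, str(p.timeout_s),
              p.form_path, "true" if p.debug else "false")  # "false" is assumed
    return f"{SCHEME_CLASS} {','.join(values)}"

def parse_parameter(text: str) -> LoginTCParams:
    """Inverse of build_parameter, for reviewing a scheme that is already configured."""
    cls, _, rest = text.strip().partition(" ")
    parts = rest.split(",")
    if cls != SCHEME_CLASS or len(parts) != 7:
        raise ValueError("expected the scheme class followed by 7 comma-separated values")
    return LoginTCParams(parts[0], parts[1], int(parts[2]), parts[3],
                         int(parts[4]), parts[5], parts[6].strip().lower() == "true")

def review_parameter(text: str) -> list[str]:
    """Cautions a reviewer would raise about an existing Parameter value."""
    p = parse_parameter(text)
    cautions = [
        (p.protocol != "https", "protocol is not https: traffic to the LoginTC Admin host is unencrypted"),
        (p.debug, "debug mode is on: the scheme logs to /tmp/LoginTCAuthScheme.log"),
    ]
    return [msg for hit, msg in cautions if hit]
```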

Enable LoginTC for Realm

The following steps will enable LoginTC multi-factor authentication for one or more of your realms.

  1. Click on the Policies tab and then the Domain tab
  2. Click on Realms and then click on your realm
  3. Press the Modify button
  4. Select LoginTC from the Authentication Scheme dropdown
  5. Click Submit

Your realm is now protected by LoginTC multi-factor authentication. When you attempt to access a protected web resource, you will be redirected to the login form that you specified in the LoginTC authentication scheme parameter.

User Management

There are several options for managing your users within LoginTC:

Troubleshooting

To debug the LoginTC authentication scheme, enable debug mode (set the 7th value in <parameter> to true) and restart your SiteMinder Policy Server. The scheme then writes its log to /tmp/LoginTCAuthScheme.log.