How failback works between CA SSO and CA SiteMinder?

Document ID : KB000051500
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

If SSO Cookie is available but SSO Server in SSO Authscheme cannot be reached, in this case it will now support for "failback" to Basic/Forms authentication.

Solution:

From R12 SP2 CR01 onwards, if SSO between CA SSO and CA SiteMinder fails(as per scenarios written below), then it will failback to simple auth schemes:

  1. Fallback to Basic/Form (All SSO Servers are down).

    Configure SSO Client to create cookie with SSO Ticket. Login to SSO Client with valid user using SSO Authentication.
    Stop ALL SSO Servers. Open browser and access resource protected by smauthetsso authentication scheme.


  • Fallback to Basic/form (User is not authorized by SM Policy Server).

    Scenario: Configure SSO Client to create cookie with SSO Ticket. Login to SSO Client with valid user using SSO.
    Authentication but excluded (or not included) to Policy (meaning user is not authorized to access protected resource).


  • Fallback to Basic/form (No SSO Cookie is found).

    Logoff from SSO Client (SSO client deletes cookie with SSO Ticket).


  • Fallback test to Silent auth from Basic (All Server are down, user challenged with Basic auth, user cancels basic starts SSO Server and accesses protected resource again).

    Configure SSO Client to create cookie with SSO Ticket. Login to SSO Client with valid user using SSO Authentication. Stop ALL SSO Servers. Open browser and access resource protected by smauthetsso authentication scheme. User challenged with Basic auth scheme. User cancels authentication dialog starts one of SSO Servers and re-accesses protected page.

    User gets protected resource silently (no authentication is required).

    Note: This applies to IIS 6.0, re-architected Apache 2.0 and re-architected SunOneagents only.