Using CA SSO SDK for User Authentication Attempts

Document ID : KB000011368
Last Modified Date : 14/02/2018
Show Technical Document Details

The CA SSO Software Development Kit (SDK) includes a set of documented application programming interfaces (APIs) that let you integrate and extend the capabilities of the "Out-Of-Box" CA SSO within your specific environment. Below are a couple of example questions that have come up for User Authentication Attempts.


How to access number of invalid user authentication attempts? Is that accessible through CA SSO API?

Policy Sever and Supported C and Java SDK

The CA SSO Event API (C API) lets you create custom event handlers. Through the Event API, SiteMinder can log events using outside sources, providers, or applications. You can then access the logged information through these other sources, providers, or applications. 

Each event handler is an instance of a shared library that supports the Event API provider interface. To support custom event handlers, you must build a shared library.

Install the shared library in one of the following locations: 

? On UNIX platforms, in the SiteMinder lib directory 
? On Windows platforms, in the SiteMinder bin directory 

The shared library must export the following entry points: 

? SmEventInit():Called by the Policy Server so that an event handler can perform its own initialization procedure.

? SmEventRecord():Called by the Policy Server when an event has been signalled. 

? SmEventRelease():Called by the Policy Server so that an event handler can perform its own rundown procedure. 

To build an event handler, include the SmEventApi.h header file: 
#include "SmEventApi.h"

You can use Event API and this event, SmLogObjEvent_FailedLoginAttemptsCount, to access the number of invalid user authentication attempts.

This event is called when a user login fails and there is a password policy that applies. The following table lists the associated SmLog_Obj_t fields: 

See Field:Description below.

nVersion: Version number of the SiteMinder server. 
nCurrentTime: Time when the event occurred. 
szUserName: The user whose login attempt failed. 
szSessionId: The session ID of the user. 
szObjName: Name of directory where the user was found. 
szFieldDesc: User’s DN. 
szStatusMsg: Number of times that the login was attempted. This number cannot be higher than the number of attempts that results in a disabled account. 

You can then access the logged information, such as the above data structure SmLogObjEvent_FailedLoginAttemptsCount, and, specifically, the content of szStatusMsg field, using the setup of the custom designed sources and providers per your application application need.

(Note that the C API cannot make JNI calls. There is no synchronization in the Policy Server to support such calls. It is possible, however, to spawn off a separate process that invokes Java and communicates back to the main process by using sockets.)

When using Java API, to retrieve an existing SmDmsUserPWState object for a user, call getUserPWState() method in the class SmDmsUserPWState.

public int getLoginFailures()

Login failures: getLoginFailures() Retrieves the number of times the user failed to log in since the user’s last successful login. 

Additional Information:

Refer to the CA SSO Programming Guide for C and Java (as well as Javadoc) for the version of CA SSO being used.