2 Replies Latest reply: Sep 10, 2012 10:33 AM by mirkot RSS

    authentication - sgd webservice API

    mirkot
      i'm using system authentication as authentication in SGD, my SGD server is installed on Solaris
      I've configured pam_conf with adding one extra step to authenticate
      so for user to authenticate he has to enter one more word-key
      If it is possible I would like to pass that extra key from SGD to the system to authenticate

      I think that authenticateExt service call could do the job but I dont know how to use it
      I've tried to call this service using the apitest pages under the SGD but I dont know how to pass that additional word-key into the service
      whatever I did everything failed

      any lead, help is greatly appreciated
        • 1. Re: authentication - sgd webservice API
          user12629685
          In a typical web service application, authenticate() is called, succeeds and the applications move on to its next task. In some cases, further information is required to permit authentication, for example, additional tokens or a new password. authenticateExt() API is used to deliver this additional information.

          The key point is that the conversation is driven by the SGD server: the server determines what additional attributes are needed and supplies the details to the web service application in the SOAP fault response to the original authenticate() request. Your solution would have to integrate with the SGD server components (known as login authorites). I do not know if integration with login authorities is possible or supported.
          • 2. Re: authentication - sgd webservice API
            mirkot
            thanks for the answer, I guess that I'll have to think of something else.
            Basically i need this to make two factor authentication, but I wanted to have two factor authentication used only for some users. All other users would be able to log in with their unix passwords.
            I know that SGD supports SecureID for two factor but I'm not sure if I can configure it to work only with some users.