Custom Authentication Module


This guide provides instructions to configure the HYPR Custom Authentication Scheme in Certificate Authority (CA) Single Sign-On (SSO) to enable passwordless authentication.


  • Access to CA SSO administrative console
  • Access to HYPR Control Center (CC)
  • Contact HYPR support to acquire the HYPR Custom Authentication Scheme for CA SSO (HyprAuthScheme.jar) and HYPR Client SDK (java-client-xxx.jar) .jar files
  • HYPR Custom Login Form (hypr_login.fcc)
  • A test web app/resource protected with CA SSO; when the user tries to access this web app, CA SSO will utilize HYPR for passwordless authentication

Deploy Custom Authentication Scheme .jar files

  1. Stop the CA SSO Policy Server service.

  2. Place the .jar files (HyprAuthScheme.jar and java-client-xxx.jar) in the <Install_Dir>/CA/siteminder/bin/thirdparty/ directory on the CA SSO Policy Server.

  3. Open <Install_Dir>/CA/siteminder/config and edit JVMOptions.txt in a text editor.

  4. In JVMOptions.txt, locate the -Djava.class.path parameter and add the full paths to the two .jar files above.

  5. Start the CA SSO Policy Server service.

Configure the HYPR Custom Authentication Scheme

  1. Log into the CA SSO admin console.
  2. Navigate to Infrastructure > Authentication > Authentication Schemes.
  3. Click Create Authentication Scheme.
  4. Select Create a new object of type Authentication Scheme and click OK.
  5. Use the values in the table below to complete the dialog that appears.

| Field Name | Description |
| --- | --- |
| Name | Enter a name. For example, HyprAuthScheme |
| Authentication Scheme Type | Custom Template |
| Protection Level | Enter a desired Protection level or keep the default value |
| Password Policies enabled for this Authentication Scheme | Leave default value |
| Secret | Not required. Leave it blank |
| Confirm Secret | Not required. Leave it blank |
| Enable this scheme for CA Single Sign-On Administrators | Not required. Select per your environment. |
| Persist Authentication Session Variables | Not required. Select per your environment. |

com.netegrity.sdk.javaauthapi.HyprAuthScheme /siteminderagent/forms/hypr_login.fcc;HyprServerBaseURL=;HyprAppId=sampleApp;HyprRegURL=https://

Details are below.

HYPR Custom Authentication Scheme: com.netegrity.sdk.javaauthapi.HyprAuthScheme

Custom login page:
This page does not have a password field as HYPR enables passwordless authentication.

Base URL for your HYPR server.

Application ID from your HYPR Control Center.

If a user attempts passwordless authentication without first registering a device, they will be redirected to this URL/page to initiate a device registration flow.

Note: There is a space between com.netegrity.sdk.javaauthapi.HyprAuthScheme and



Ensure that there is a space between the Java class name and the other parameters.

  6. Click Submit. A confirmation message displays at the top.
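
The parameter string above is easy to mistype, so the following pre-flight check is an added example (not HYPR or CA code) that validates it before it is pasted into the admin console. The class name, form path and key names come from this page; treating all three keys as mandatory, requiring https for both URLs, and the hypr.example.com host and /register path are assumptions of the example.

```python
from urllib.parse import urlparse

EXPECTED_CLASS = "com.netegrity.sdk.javaauthapi.HyprAuthScheme"   # from the page
REQUIRED_KEYS = ("HyprServerBaseURL", "HyprAppId", "HyprRegURL")  # assumed mandatory
URL_KEYS = ("HyprServerBaseURL", "HyprRegURL")
FORM = "/siteminderagent/forms/hypr_login.fcc"

# Constructed sample: hypr.example.com and the /register path are placeholders.
GOOD = (f"{EXPECTED_CLASS} {FORM};HyprServerBaseURL=https://hypr.example.com;"
        "HyprAppId=sampleApp;HyprRegURL=https://hypr.example.com/register")


def check_parameter(value: str) -> list[str]:
    """Return the problems found in the parameter string (empty list = OK)."""
    value = value.strip()
    head, sep, rest = value.partition(" ")
    if not sep:
        # Typical paste error: class name run straight into the form path.
        if value.startswith(EXPECTED_CLASS):
            return ["no space between the Java class name and the parameters"]
        return ["expected '<class> <form>;key=value;...'"]
    problems = []
    if head != EXPECTED_CLASS:
        problems.append(f"unexpected class name: {head!r}")
    form, *pairs = rest.strip().split(";")
    if not form.endswith(".fcc"):
        problems.append(f"first parameter is not an .fcc login form: {form!r}")
    settings = {}
    for pair in filter(str.strip, pairs):      # ignore a trailing ';'
        key, eq, val = pair.partition("=")
        if eq:
            settings[key.strip()] = val.strip()
        else:
            problems.append(f"not a key=value pair: {pair!r}")
    for key in REQUIRED_KEYS:
        if not settings.get(key):
            problems.append(f"{key} is missing or empty")
    # Assumption of this example: both URLs must be absolute https URLs.
    for key in URL_KEYS:
        url = urlparse(settings.get(key, ""))
        if settings.get(key) and (url.scheme != "https" or not url.hostname):
            problems.append(f"{key} is not an absolute https URL")
    return problems


if __name__ == "__main__":
    for label, value in (("good", GOOD), ("no space", GOOD.replace(" ", "", 1))):
        print(label, check_parameter(value) or "OK")
```

Run against the template string exactly as printed on this page, the check reports the empty HyprServerBaseURL and the incomplete HyprRegURL, which is a quick way to catch a value that was pasted without being filled in.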

Select the HYPR Authentication Scheme for a Realm

  1. Log into the CA SSO admin console.

  2. Navigate to Policies > Domain > Domains.

  3. Select a domain to edit by clicking on the pencil icon to the right of each entry.

  4. Select the Realms tab.

  5. Select/edit a Realm by clicking the small arrow icon.
  6. Expand the Authentication Scheme drop down and select HyprAuthScheme.
  7. Click OK.
  8. Click Submit.

Deploy HYPR Custom Login Form (hypr_login.fcc)

HYPR provides a simple custom login form (hypr_login.fcc) for passwordless authentication. This is a sample form without a password field.

Open hypr_login.fcc in a text editor and replace with the URL of your HYPR Server.

Deploy hypr_login.fcc to CA SSO Secure Proxy Server in <Install_Dir>/CA/secure-proxy/proxy-engine/examples/siteminderagent/forms.




Restart Your Engine

If you make any changes to hypr_login.fcc, you may need to restart the CA Access Gateway Engine service.


Access a CA SSO protected or federated web application. The user will see the hypr_login.fcc.
The user can enter a username and continue with the passwordless authentication flow.