Custom Authentication Module


This guide provides instructions to configure the HYPR Custom Authentication Scheme in Certificate Authority (CA) Single Sign-On (SSO) to enable passwordless authentication.

Prerequisites

  • Access to CA SSO administrative console
  • Access to HYPR Control Center (CC)
  • Contact HYPR support to obtain the HYPR Custom Authentication Scheme for CA SSO (HyprAuthScheme.jar) and the HYPR Client SDK (java-client-xxx.jar) .jar files
  • HYPR Custom Login Form (hypr_login.fcc)
  • A test web app/resource protected with CA SSO; when the user tries to access this web app, CA SSO will use HYPR for passwordless authentication

Deploy Custom Authentication Scheme .jar files

  1. Stop the CA SSO Policy Server service.

  2. Place the .jar files (HyprAuthScheme.jar and java-client-xxx.jar) in the <Install_Dir>/CA/siteminder/bin/thirdparty/ directory on the CA SSO Policy Server.

  3. Open <Install_Dir>/CA/siteminder/config and edit JVMOptions.txt in a text editor.

  4. In JVMOptions.txt, locate the -Djava.class.path parameter and append the full paths of the two .jar files, as shown below (Windows example; the version number in the java-client file name may differ in your environment).

     ;C:/CA/siteminder/bin/thirdparty/HyprAuthScheme.jar;C:/CA/siteminder/bin/thirdparty/java-client-3.2.1.jar

  5. Start the CA SSO Policy Server service.

Configure the HYPR Custom Authentication Scheme

  1. Log into the CA SSO admin console.
  2. Navigate to Infrastructure > Authentication > Authentication Schemes.
  3. Click Create Authentication Scheme.
  4. Select Create a new object of type Authentication Scheme and click OK.
  5. Use the values in the table below to complete the dialog that appears.

Field Name: Description

Name: Enter a name, for example HyprAuthScheme.
Authentication Scheme Type: Custom Template
Protection Level: Enter the desired protection level or keep the default value.
Password Policies enabled for this Authentication Scheme: Leave the default value.
Library: smjavaapi
Secret: Not required. Leave it blank.
Confirm Secret: Not required. Leave it blank.
Parameter: Example:
com.netegrity.sdk.javaauthapi.HyprAuthScheme /siteminderagent/forms/hypr_login.fcc;HyprServerBaseURL=https://test.gethypr.com;HyprAppId=sampleApp;HyprRegURL=https://test.gethypr.com/hyprsp
(Each part of this value is described below the table.)
Enable this scheme for CA Single Sign-On Administrators: Not required. Select per your environment.
Persist Authentication Session Variables: Not required. Select per your environment.

The Parameter value is made up of the following parts:

HYPR Custom Authentication Scheme: com.netegrity.sdk.javaauthapi.HyprAuthScheme

Custom login page: /siteminderagent/forms/hypr_login.fcc
This page does not have a password field, as HYPR enables passwordless authentication.

HyprServerBaseURL: Base URL for your HYPR server.

HyprAppId: Application ID from your HYPR Control Center.

HyprRegURL: If a user attempts passwordless authentication without first registering a device, they are redirected to this URL/page to initiate a device registration flow.

Note: There is a space between com.netegrity.sdk.javaauthapi.HyprAuthScheme and /siteminderagent/forms/hypr_login.fcc; the settings that follow the form path are separated by semicolons.

MAKE SPACE

Please ensure that there is a space between the Java class name and the other parameters, as shown in the Parameter example above.

  6. Click Submit. A confirmation message displays at the top.
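Because a missing space or a mistyped URL in the Parameter value only shows up as a failed login later, it helps to check the string before pasting it into the console. The following Python script is an added example (not HYPR's or CA's code); it assumes the layout shown in the example above, a Java class name, a space, the .fcc path, then semicolon-separated Key=Value settings, and flags a missing space, missing settings, whitespace around a setting name, and non-https or doubled-scheme URLs.

```python
"""Sanity-check a HYPR Custom Authentication Scheme "Parameter" value before
pasting it into the CA SSO admin console. Assumed format (taken from the
example on this page, not from HYPR or CA documentation):
  <java class> <fcc path>;Key=Value;Key=Value..."""
from urllib.parse import urlsplit

REQUIRED_KEYS = ("HyprServerBaseURL", "HyprAppId", "HyprRegURL")
URL_KEYS = ("HyprServerBaseURL", "HyprRegURL")


def parse_parameter(param: str) -> dict:
    """Split the value into class name, login-form path and Key=Value settings."""
    param = param.strip()
    if " " not in param:
        raise ValueError("missing space between Java class name and the other parameters")
    class_name, rest = param.split(" ", 1)
    form_path, *pairs = rest.split(";")
    settings = {}
    for pair in pairs:
        if not pair:  # tolerate a trailing ';'
            continue
        if "=" not in pair:
            raise ValueError(f"malformed setting, expected Key=Value: {pair!r}")
        key, value = pair.split("=", 1)
        if key != key.strip():  # ' HyprAppId' would silently fail to match
            raise ValueError(f"setting name has surrounding whitespace: {key!r}")
        settings[key] = value
    return {"class": class_name, "form": form_path, "settings": settings}


def validate_parameter(param: str) -> list:
    """Return a list of problems; an empty list means the value looks sane."""
    try:
        parsed = parse_parameter(param)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not parsed["form"].startswith("/") or not parsed["form"].endswith(".fcc"):
        problems.append(f"login form should be an absolute .fcc path: {parsed['form']!r}")
    settings = parsed["settings"]
    problems += [f"missing required setting: {k}" for k in REQUIRED_KEYS if k not in settings]
    for key in URL_KEYS:
        value = settings.get(key)
        if value is None:
            continue
        if value.count("://") != 1:  # catches the 'https://https://host' copy-paste slip
            problems.append(f"{key} has a doubled or missing scheme: {value!r}")
        elif urlsplit(value).scheme != "https" or not urlsplit(value).hostname:
            problems.append(f"{key} must be an https:// URL with a host: {value!r}")
    return problems
```

Run validate_parameter() on your own Parameter string; an empty list means none of the checks above fired.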

Select the HYPR Authentication Scheme for a Realm

  1. Log into the CA SSO admin console.
  2. Navigate to Policies > Domain > Domains.
  3. Select a domain to edit by clicking the pencil icon to the right of its entry.
  4. Select the Realms tab.
  5. Select/edit a Realm by clicking the small arrow icon.
  6. Expand the Authentication Scheme drop-down and select HyprAuthScheme.
  7. Click OK.
  8. Click Submit.

Deploy HYPR Custom Login Form (hypr_login.fcc)

HYPR provides a simple custom login form (hypr_login.fcc) for passwordless authentication. This is a sample form without a password field.

Open hypr_login.fcc in a text editor and replace https://your_hypr_Server.com/hyprsp with the URL of your HYPR Server.

Deploy hypr_login.fcc to CA SSO Secure Proxy Server in <Install_Dir>/CA/secure-proxy/proxy-engine/examples/siteminderagent/forms.

(Screenshot: hypr_login.fcc)

RESTART YOUR ENGINE

If you make any changes to hypr_login.fcc, you may need to restart the CA Access Gateway Engine service.

Testing

Access a CA SSO-protected or federated web application. The user is presented with the hypr_login.fcc form, enters a username, and continues with the passwordless authentication flow.