Custom Authentication Module
This guide provides instructions to configure the HYPR Custom Authentication Scheme in CA Single Sign-On (CA SSO) to enable passwordless authentication.
- Access to CA SSO administrative console.
- Access to HYPR Control Center.
- Contact HYPR support to acquire HYPR Custom Authentication Scheme for CA SSO.(HyprAuthScheme.jar) and HYPR Client SDK (java-client-xxx.jar) JAR files.
- HYPR Custom Login Form (hypr_login.fcc).
- A test web app/resource protected with CA SSO. When the user tries to access this web app, CA. SSO will utilize HYPR for passwordless authentication.
Deploy Custom Authentication Scheme JAR files
Stop the CA SSO Policy Server service.
Place JAR files (HyprAuthScheme.jar and java-client-xxx.jar) in the following directory of CA SSO Policy Server:
Edit JVMOptions.txt in a text editor. This file should be located on CA SSO Policy Server in the following directory:
In JVMOptions.txt, locate "-Djava.class.path" parameter and add full paths to above two JAR files as down below.
Start CA SSO Policy Server service.
Configure HYPR Custom Authentication Scheme
Log into CA SSO admin console.
Infrastructure > Authentication > Authentication Schemes.
Click on "Create Authentication Scheme".
Select "Create a new object of type Authentication Scheme" and click OK.
|Name||Enter a name. For example, HyprAuthScheme|
|Authentication Scheme Type||Custom Template|
|Protection Level||Enter a desired Protection level or keep the default value|
|Password Policies enabled for this Authentication Scheme||Leave default value|
|Secret||Not required. Leave it blank|
|Confirm Secret||Not required. Leave it blank|
Details are below.
HYPR Custom Authentication Scheme: com.netegrity.sdk.javaauthapi.HyprAuthScheme
Custom login page:
This page does not have a password field as HYPR enables passwordless authentication.
Base URL for your HYPR server.
Application ID from your HYPR Control Center.
If a user attempts passwordless authentication without first registering a device, they will be redirected to this URL/page to initiate a device registration flow.
Note: There is a space between
|Enable this scheme for CA Single Sign-On Administrators||Not required. Select per your environment.|
|Persist Authentication Session Variables||Not required. Select per your environment.|
Ensure that there is a space between the Java Class name and other parameters as shown below.
Select HYPR Authentication Scheme for a Realm
Log into CA SSO admin console.
Policies > Domain > Domains
Select a domain to edit by clicking on the pencil icon.
Select Realms tab.
Select/edit a realm by clicking on the small arrow icon.
For "Authentication Scheme" expand the drop-down and select "HyprAuthScheme".
Deploy HYPR Custom Login Form (hypr_login.fcc)
HYPR provides a simple custom login form (hypr_login.fcc) for passwordless authentication. This is a sample form without a password field.
Open hypr_login.fcc in a text editor and replace "https://your_hypr_Server.com/hyprsp" with the URL of your HYPR server.
Deploy hypr_login.fcc to CA SSO Secure Proxy Server. It can be deployed in the following directory:
Please note that if you make any changes to hypr_login.fcc, you may need to restart CA Access Gateway Engine service.
Access a CA SSO protected or federated web application. The user will see the hypr_login.fcc.
The user can enter a username and continue with the passwordless authentication flow.
Updated about 2 years ago