Call Us : 1.949.777.6959  |  sitemap
 You are here: Home  > Products  > Web Applications  > SecureAuth for Computer Associates SiteMinder
SecureAuth® for Computer Associates SiteMinder®

MFC SecureAuth is the only tokenless, non-phishable authentication solution for CA SiteMinder that strongly authenticates the end-user and the web site, in an easily deployable manner. SecureAuth provides a turnkey solution that delivers an algorithmically proven method to thwart phishing, DNS and man-in-the-middle attacks.

Because SecureAuth is able to “expose” its authentication as a URL to an application, a SiteMinder deployment is able to take advantage of the eloquent design. The SiteMinder admin simply creates a policy to redirect an unauthenticated user to the SecureAuth authentication appliance.

The SecureAuth authentication appliance is set up as SiteMinder HTML Forms authentication. Once directed to the SecurAuth appliance, SecureAuth conducts a 2-way authentication of the user. Upon a successful authentication the user issued a valid SiteMinder SMSESSION ticket and redirected to the target resource. Since the user now has a SMSESSION ticket, SiteMinder grants access to the user and the user is granted access to the resource. No coding or APIs are needed for the solution.

Distinct Features:
  • SecureAuth integrates directly into existing SiteMinder installation.
• Utilizes SiteMinder’s native “HTML Forms” Authentication.
• SecureAuth creates a native SiteMinder “SMSESSION” ticket.
• Secure/extensible federation model Target/Redirect functionality.
• Target/Redirect Model - No Coding.
• Bi-lateral, client/server authentication.
• Out-of-Band Registration via SMS Text Messaging and Telephony One-Time-Passwords.
• No need to force SiteMinder to utilize C-SSL authentication.
• No PKI infrastructure to install.
• Cross-platform Support: XP, Vista, Mac, Linux

Advantages:
  • Fully portable solution.
• Virtual Server or hardware appliance models.
• No hard tokens to issue or manage.
• Fraction of the cost of hard tokens.
• No integration code required.
• Uses existing datastore.
• Complies with PCI, FFIEC, GLB, HIPAA, and other regulations.

The SecureAuth/SiteMinder solution is designed to scale to millions of users.
Figure 1: SecureAuth is set up to be the trusted authentication URL for a SiteMinder deployment.