
CA Security


Goal #3: Developing Standardized, Reusable Components

 

In our journey so far, we’ve discussed how to achieve our first two goals in building an IAM operations software factory, simplifying application onboarding and creating an enterprise IAM framework. In this blog, I will cover goal #3—developing standardized reusable components.

 

Having standardized reusable components makes your IAM factory agile and efficient. However, since they are more complex than cookie-cutter components, standard reusable components require proper planning, strategy and investment in resources and funds. Surprisingly enough, many IAM stakeholders fail to leverage this goal—some are too busy meeting tactical objectives while others put it in a backlog that may or may not ever be acted on.

 

One thing is for certain: In a medium to large IAM operations environment, not using standardized, reusable components becomes very expensive in the long term.

 

So why not nip that expense in the bud? The sooner you get started, the more you’ll save. I highly recommend developing these artifacts and components in a reusable and extensible manner:

  • Design documents
  • Operations manuals
  • Integration modules
  • Data definitions
  • User interfaces
  • Business logic
  • Workflow
  • APIs

  

Once you take the plunge in developing reusable components, it’s important to adhere to relevant industry practices so that you meet corporate compliance needs across all facets of your organization. This leads us to create standards that all parties must follow to ensure optimal development and faster value realization for everyone involved.

 

Why are these standards so important? Simply put, reusable components without standardization lead to chaos when trying to achieve the desired outcomes: efficiencies, synergies and cost savings. And when you develop standards for reusable components, you’ll soon realize that your organization is growing in operational maturity.

 

Here are some examples of standardized reusable components. One is a generic five-step workflow with escalations and exceptions that can be used for all business processes, from the most simple to the most complex. Another is a standardized set of data and web services definitions that can be used to integrate business applications such as ERP systems and mainframe with your HR systems and CA Identity Suite. This can be done either directly or by using policies developed for CA API Gateway, thus giving you low-code reusable options for business process integration.

 

As I mentioned in my first post in this series, developing standardized reusable components is a tremendously useful capability to achieve and sustain. Think of it as creating a portal and enchanting your inventory items in Minecraft to defeat the Ender Dragon. And once you’ve achieved goal #3, it will be so much easier to accomplish our last two goals: agile DevOps and automation. Stay tuned!

The revised European Payment Service Directive (PSD2) came into force at the beginning of 2018, and banks are now racing to comply and leverage business opportunities. But while they’re scrambling to secure their systems, the new regulation could potentially become an obstacle to banks.

 

The challenge is twofold. The first is how to contain the cost of complying quickly with a regulation that in and of itself doesn't bring in any revenue, even though it can speed up the adoption of an open platform, which would put banks at a competitive advantage. Another challenge is how to reap the long-term benefits of adopting an API approach, which can save time and resources in software development, maintenance and evolution.

 

The answer to both of these challenges lies in the CA PSD2 packaged work product (PWP). Based on the recognized NextGen PSD2 standard formalized by the Berlin Group, the PWP offers a predefined set of APIs that bridge legacy banking payment and account services to a modern and standardized interface that provides and supports:

 

  • Payment initiation, account information and funds confirmation
  • A diverse range of strong customer authentication methods
  • Re-use of an existing banking standard
  • Modern interfaces based on the newest technologies, such as JSON, RESTful and OAuth2
  • Secure banking resources using identification standards such as eIDAS

 

The PSD2 PWP is not just a quick fix, though: Its value proposition also includes providing the pillars of broader, long-term adoption of APIs, a move that will leverage the building blocks of innovation and support banks in their digital transformation initiatives.

 

What challenges have you faced in complying with PSD2? How have you beaten those challenges? Get the conversation going below. And if you have questions about the PWP, feel free to contact me at Vincenzo.Certo@ca.com.

Goal #2: Create an Enterprise IAM Framework

 

Hello IMAG Jedis, and to all my French IMAG Jedis, congratulations on winning the 2018 FIFA World Cup!

 

In this leg of our journey to build an IAM operations software factory, we’ll tackle Goal #2, creating the heart, soul and brain of your factory—the enterprise IAM framework. For those who missed it, Goal #1 can be found here.

 

An enterprise IAM framework is an organized and governed set of solutions, tools, integrations and processes that comply with one or more defined regulatory standards to support:

  • Identity life cycle management
  • User information repositories
  • Authentication
  • Authorization

 

So how do you build an IAM framework? There’s no secret here: Either you get a top security architect locked in a room with a bunch of awesome developers or you adopt an industry-leading security solutions portfolio of products such as CA Identity Suite, CA SSO, CA Advanced Authentication, CA Directory and CA API Gateway.

 

It’s essential to know that user data protection is of utmost importance, since it covers a broad spectrum of data from personally identifiable information to information about assets such as financial instruments. This brings us to two other important aspects of the IAM framework: identity life cycle management (ILCM) and user information repositories (UIRs). These are closely tied to each other, since UIRs are enablers of all existing ILCM solutions. Your IAM framework must support applicable regulatory needs (PII, PCI, SOX, GDPR, etc.) while managing the identity life cycle across all UIRs. The IAM framework must also maintain a fully secured audit trail of all its transactions (yeah, it can be done the legacy, blockchain or hashgraph way). Note that it is not just creation and maintenance of identities that are important—a compliant purge of identity and related information is a must, too.

 

Next up are authentication and authorization. Your IAM framework must have capabilities to support multi-factor authentication (MFA) and single sign-on (SSO). Modern enterprises rely heavily on both MFA and SSO to provide the much-needed optimal customer experience (CX) and trustable security. That requires the IAM framework to manage different forms of credentials in its own repository and in other commercial off-the-shelf (COTS) products. Provisioning and management of entitlements across business applications using an access request capability powered by a workflow enabler is essential to an IAM framework’s ability to meet authorization needs.

 

IAM frameworks have evolved and will continue to evolve. For instance, with widespread adoption of the Internet of Things (IoT), I see IAM frameworks evolving to support the IoT as well. Enabled by secure APIs (SAPI), enterprise IAM frameworks may very well evolve to comprise:

  • Endpoint-anchored, multi-property-based identity authentication
  • Workflow-enabled seamless authorization for applications
  • Token management for delegated and federated user information

 

More on the future of IAM frameworks in an upcoming post. Before I go there, let me repeat what I said in my first post about the IAM operations software factory: Simplified application onboarding and an enterprise IAM framework can’t by themselves provide the efficiency we seek. We also need standardized, reusable components—a tremendously useful capability, akin to creating a portal and enchanting your inventory items in Minecraft to defeat the Ender Dragon. Stay tuned for my next post on that very topic.

 

Until then, I look forward to hearing from you all.

Identity and access management (IAM) operations are typically complex and challenging. IAM operations, from security to governance, require careful consideration, planning and execution to orchestrate them in unison with business objectives.

 

Challenging they may be, but also worthwhile. When done right, IAM operations can significantly enhance your customer experience (CX) in support of overall business processes. That said, in the real world—your world—you have your own version of IAM operations, which you’ve gone to significant extremes to keep running like a Tesla in ludicrous mode. Kudos!!!

 

So now the question is, how can we improve your IAM ops? If you have a roadmap for success, how about taking it to the next level by setting up a software factory—introducing agility and setting the stage for automation? Yes, the death of Moore’s Law is already proving beneficial. In this series of blogs, I will discuss setting up a software factory for your world—IAM operations.

 

At the core of IAM ops is an IMAG solution such as CA Identity Suite that’s integrated with your applications, directories and databases (known as endpoints in CA Identity Suite lingo). Endpoint integration is called application onboarding, a process that involves understanding use cases and integration aspects and then integrating the application into your IAM framework. Doing this at an enterprise scale gets complicated when working with applications that can be managed by an IMAG solution’s OOTB connectors and legacy applications that don’t provide integration interfaces. Managing identities, accounts and access for these applications and having proper governance creates silos in operations that lead to non-compliance to regulations and indirect operations costs. This leads us to our first goal when establishing a software factory for your world: Simplify application onboarding.

 

Next up is the challenge of creating an enterprise IAM framework that supports security and compliance needs without having to deal with performance issues that impact your CX. This framework should be simple and extensible, and it should support all types of users and their business needs as well as business operations. So the second goal of our software factory is to create an enterprise IAM framework.

 

But simplified application onboarding and an enterprise IAM framework can’t by themselves provide the efficiency we seek. What’s missing? If we look carefully, we soon realize that we need standardized, reusable components—a tremendously useful capability to achieve and sustain, akin to creating a portal and enchanting your inventory items in Minecraft to defeat the Ender Dragon. So our third goal is standardized, reusable components.

 

Taking inspiration from Elton John’s “This Train Don’t Stop There Anymore,” I suggest that we need an agile train—a train that keeps chugging, helping us to expand the footprint of your world to as many applications, directories and databases as possible and that copes with operational overheads like version control, upgrades, break fixes, enhancements and releases. May the fourth (goal) be with you: agile DevOps.

 

The last (but not least important) aspect of the software factory is automation that permits collaboration of software in support of business processes. While not everything can be automated right now, we must explore and implement (where possible) automation in your world’s software factory—monitoring, notifications, simple deployments and simple defect resolutions. Our fifth goal: automation.

 

In upcoming blogs, I will discuss each goal in more detail. Until then, feel free to let me know if you have identified other goals for the software factory in your IAM operations world. 

 

Related information: CA Services Security Catalog

Hello Security practitioners! As CA World ’17 fast approaches, excitement is building. We’re in for a leading-edge conference that’s all about removing barriers between your ideas and your desired business outcomes. Luminaries will share fresh perspectives and show the powerful features of CA Security solutions.

This year, CA Services has several sessions during pre-conference education (November 13 & 14). If you are attending, plan ahead to get into your preferred seats; demand is high, and they fill up quickly. Below is a preview of some hot topics I recommend throughout #CAWorld (including a couple where I will be speaking), and again, we will keep the dialogue flowing before, during and after. If you would like assistance in setting up a meeting with a CA representative at CA World, feel free to contact aubge01 (jerry.aubel@ca.com).

 

Precon Ed: That’s Not Your Cookie: A CA SSO Hardening Guide

CA Single Sign-On offers capabilities to secure your SSO session and increase the security of your SSO environment. When the solution is properly configured, you can reduce the attack surface of your environment and implement multiple layers of security.

 

Speaker: Jason Wilcox (Jason_Wilcox)

Precon Ed: Building Mobile Apps with Improved Security and Better User Experience (LAB)

Learn how to build mobile applications with embedded security in hours with CA Rapid App Security. Add frictionless access to mobile applications and combine it with contextual authentication to provide higher security and improved user experience. Learn how to make it easier for developers and more secure for customers to do business with your organization through your mobile apps. Take advantage of advanced security capabilities and an API-based framework to unlock efficiencies.

 

Speakers: Jayesh Kalro (kalja01), Faiz Usmani (usmfa02)

Precon Ed: Migrating from ODSEE to CA Directory (LAB)

Is your organization running ODSEE? Worried about its looming end of life? Learn how to migrate off this product to CA Directory in a controlled, phased way. You will gain increased scalability, reliability and performance using less hardware.

Speaker: Ron Lindberg

Precon Ed: Performance Testing Your CA Security Environment with CA BlazeMeter® (LAB)

Your CA identity solutions are critical infrastructure components that must perform at peak capability. With CA BlazeMeter® you have an industry-leading performance testing and evaluation solution with the flexibility to test CA Security solution performance and individual solution components. This session walks you through building and executing test cases for CA Directory, CA Single Sign-On, and CA Identity Manager. We will discuss performance testing with CA BlazeMeter® and using CA BlazeMeter® in your everyday performance management plan.

Speaker: Jason Wilcox

Keynote: Making Security a Competitive Advantage

As every business becomes a modern software factory, every user experience will depend on a user interacting with an application. Transforming the business means bridging the gap between security and DevOps and making the user experience frictionless to make security a competitive advantage. Mo Rosen and Sam King will share the CA formula for securing the modern software factory and innovations that build trust between users and applications.

CA Identity Suite Launch and Roadmap

Success in the application economy demands new levels of user engagement, increased protection against breaches and increased insight into effective operation of identity management services. CA Identity Suite has introduced major new capabilities to meet these challenges while simplifying management of user identities. This session will review the CA Identity Suite roadmap and strategy and discuss how these solutions can provide an outstanding user experience, governance of privileged users and dramatically simpler deployment of identity services.

If you aren’t going to CA World, but would like information about one of the below topics, please contact Jerry.Aubel@ca.com.

For more information, check out the #CASERVICES Security blog series. Have a question, comment, or post request? Feel free to post in the comments section of this post.

A customer identified a vulnerability in the version of rpc.statd running on their CA Directory machines.

Environment: CA Directory 12.0.18 (build 12074), Linux 64-bit. They also use CA SSO 12.52.0105.2112.

They want to update to the latest version of rpc.statd and want to know whether this could cause any problem with CA Directory.

 

Answer:

 

rpc.statd controls shutdown/reboot notification for NFS locking.

 

The only impact this daemon has on CA Directory would be if CA Directory were installed on an NFS-mounted drive, as CA Directory uses file locking under $DXHOME/pid to control the running state of the DSA. These locks are held for very short periods of time (sub-millisecond) to protect against concurrent access.

The only way an update of rpc.statd would cause a problem would be if it introduced a bug. It is safe to say that would be extremely unlikely.

 

In summary, we don't see this being an issue and we've never seen rpc.statd related issues logged against the product.

CA Directory introduced (in release 12.5) a configuration setting to improve the performance of a router DSA in situations where large numbers of bind, compare and search requests are occurring. We wanted to make sure that this capability was explained so the team recently produced a performance evaluation report of the benefits of this setting. Attached you will find this report which describes how the testing was done and the conclusion regarding the optimal settings. Your personal performance gains may vary so we suggest executing your own testing if you desire to use this feature and see what benefits your environment may achieve.

 

Our internal testing showed that in some cases the throughput increased 100% by using just a few DSP links configured on the router. We hope you will find this information valuable and appreciate your feedback!

 

Thanks,

Rob Lindberg - Product Manager for CA Directory on behalf of the entire CA Directory team


Idea Management 2.0

Posted by RobLindberg Employee Mar 28, 2017

Hello Community Members!

 

I'm your new product manager for CA Directory and I want to thank you for your participation in our enhancement process. As you all have hopefully noticed, we've given some recent attention to the ideas that have been submitted but hadn't been updated. We've marked many to show that they have already been delivered and we've put several under review. Lastly, we have indicated for some that we have no plans to implement them. Our intent is to provide feedback on a regular basis for ideas that are being submitted as well as those that we are considering and will incorporate into our upcoming release planning. Also, your votes provide us with the insight we need to prioritize what's important to the community.

 

So, please keep the ideas and votes coming since we would love to hear how we can improve and enhance CA Directory.

 

Thanks,

 

Rob


The Power of Planning

Posted by wilda05 Employee Mar 28, 2017

Whether applications reside in the enterprise or the cloud, managing user identities and access to key resources is a critical function for IT organizations. It’s especially critical for CIOs who are under increasing pressure to cut operating costs, demonstrate continuous compliance and support business initiatives.

 

All of the above constitute excellent reasons for prioritizing proper planning in these domains.

If you’re using a waterfall approach, even the most comprehensive plan must allow for flexibility, as there’s always give and take as new business objectives and challenges come to light. On Monday, the client may say that the requirement is X and on Thursday, they’ll go with X plus Y, having determined in our meetings that Y is a priority.

 

With agile deployments, which CA Services is doing more frequently, planning sprints and continuous improvement are in the nature of the model, cycling repeatedly throughout the project. The goal is to constantly show incremental progress.

Ongoing planning is so important that we usually spend 35% of each day in at least two or three one-hour planning meetings. That’s our time to work through workflows with various players on the implementation team, including the sponsoring manager and technical leads from the client side, business analysts and occasionally infrastructure people. One or two senior consultants then spend the rest of each day executing the plan. They report back daily on their progress, challenges, and things they need, particularly from the client.

 

Another major aspect of planning is having the right skill sets on both sides of the team—and knowing where those resources will come from well before they are needed. Often we supplement the blended team with a larger, collaborative team to deal with certain challenges, so we identify where we need that extended collaboration and get that done expeditiously.

 

A viable plan is essential, but just as essential is communicating the plan—and progress against the plan—to all stakeholders, including executive management, the project team and end users, among others. Sometimes executive management doesn’t receive enough updates on the day-to-day aspects of the project. You don’t want to surprise them at the last minute with a request for a couple more weeks.

 

That, in a nutshell, is the power of planning.

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles for Single Sign-On (formerly CA SiteMinder) published or updated since 8th September 2016 for your reference:

 

WSFED entities not showing up in Partnership config dropdown
WSFED entities may not show up in a Partnership configuration if the entities themselves are configured improperly
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1305435

How to Use Multiple User Directories in a Partnership
This short guide is how to use multiple User Directories (i.e. LDAP and ODBC) in a Partnership. Helpful if migrating users from one User Store to another without having an outage.
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1725014

Certificates Uploaded to Policy Store don't show up in WAMUI
Occasionally, certificates that are uploaded to the WAMUI will not show up in the certificate list, and will show a "certificate already exists method"
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1259976

How to download CA Single Sign-On (formerly SiteMinder) components
Step-by-step procedure to download CA Single Sign-On (formerly SiteMinder) components from support.ca.com
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1364894

Best practice on importing Agent Keys
Importing agent keys results in duplicate set
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1392087

Failed updating KeyManagement object 1a-fa347804-9d33-11d3-8025-006008aaae5b. Status: 'Unknown Failure'
Unable to import KeyManagement object during smkeyimport. Agent keys are imported fine; only the KeyManagement object fails to import.
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1164436

Configuring SharePoint Workflow 2013 and the Single Sign On Agent for SharePoint 2010/2013
Details configurations required to integrate SharePoint 2013 and Workflow Manager Client 1.0 with the CA Single Sign On Agent for SharePoint
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1729148

Protecting my SOAP Resource with WS-Security, I get the error Signature-0 was not accepted
This technote discusses a specific error when configuring WS-Security with timestamp.
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1691635

Member group and Member Organizations search filter not working as expected
Member group and Member Organizations search filter not working taking the wild char or text based search filter
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1074542

ExecutionTimeThreshold Introduced
Purpose of ExecutionTimeThreshold
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1390939

XPath expression for Web Service Variable returning only first result
XPATH expression not working
Last Update: 2016-10-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1303225

Policy Server : Policy Stores Failover : CA Directory in SSL
How to configure CA Directory Policy store in SSL
Last Update: 2016-10-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1852061

Client IP and SMSESSION IP do not match after WAOP upgrade
IP Validation Failing after WAOP upgrade to 12.52
Last Update: 2016-10-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1968307

XPSImport is failing due to AgentType missing error in WebAgent Actions
(FATAL) : [sm-xpsxps-05810] Import failed Rule Action(s) (HEAD) do not match AgentType Rule Action(s) do not match AgentType
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1427656

Accessing CA Directory Policy Store with restricted bind Users
This technote discusses the supportability to restrict the branches from the ldap tree for the bind user.
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1988193

How can I redirect Users with expired password to custom fcc instead of smpwservices.fcc?
How do I get Siteminder to redirect users with expired password to my custom fcc instead of out of the box smpwservices.fcc?
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1492067

Expired AD User password redirect custom fcc
Active Directory Users with expired password are being redirected to the out of the box smpwservices.fcc instead of our custom fcc while being redirected to change their password.
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1942727

Policy Server :: Unable to Start : LDAP Policy Store Configuration
This technote discusses a problem when upgrading the Policy Server to R12.52 from R12.x which fails to start.
Last Update: 2016-10-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1525441

How to execute host registration for Java Agent API when ksh is not installed on the computer.
This explains how to execute host registration for Java Agent API when ksh is not installed on the computer.
Last Update: 2016-10-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1956964

CA SSO Report Server strategy
CA Report Server from CA Technologies as a component of the product.
Last Update: 2016-10-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1820619

About detail of Shared Secret between WebAgent and Policy Server.
What is the difference of Shared Secret, SmHost.conf and Policy Store ?
Last Update: 2016-10-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1089812

Agent for SharePoint :: SharePoint 2010 and SharePoint 2013 Instances : Protecting with the same Agent instance
I would like to use the same Agent for SharePoint instance, which is already protecting a SharePoint 2010 Server, to protect another distinct SharePoint 2013 Server. Can I do that?
Last Update: 2016-10-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1066617

Where can I find the CR Download Page for CA Single Sign-On (SiteMinder) ?
This technote discusses where to find a specific CR for SiteMinder
Last Update: 2016-10-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1616521

MS SQL 2016 support for Single Sign-on stores
Does Single Sign-on currently support the use of Microsoft SQL 2016 for stores e.g. policy store, user store, session store, audit store and password services?
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1766333

CA Single Sign-On (SiteMinder) - Problem installing the SSO WAMUI on a drive other than the default C: drive
When trying to install the CA Single Sign-On (SiteMinder) AdminUI on a non-default drive, the service fails to install and the AdminUI fails to start when manually run via batch script.
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1035638

 

Configure WebAgent for Apache multiple virtual hosts
Does Apache virtual host support a separate WebAgent for each host, so that we could assign a separate WebAgent.conf file and ACO for each virtual host?
Last Update: 2016-10-06    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1355714

LLAWP process is buggy after executed kill -9 command
In R12.52 SP1 CR05, we encountered 500 error after shutting down LLAWP process by using "kill -9".
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1421423

LLAWP doesn't start
httpd was started by apachectl -start, but LLAWP didn't start completely.
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1883834

Right format for specifying Ciphers in server.conf for CA Access Gateway (formerly Secure Proxy Server)
CA Access Gateway Ciphers format for server.conf
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1643058

How to setup a policy to Authorize User by the Authentication level
configure an authorization policy based on the Authentication level
Last Update: 2016-10-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1845593

Is it required to reboot Policy Server for failover of ODBC data source?
The reboot of a policy server is unnecessary, since policy server will reconnect when a policy server detects restoration of DB#1 in the case of the premise and a work outline of an inquiry.
Last Update: 2016-10-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1176053

How to decrypt Federation Open Format Cookie (Java)
Steps to consume (decrypt) Federation OFC cookie generated by Policy server
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1539809

XPS Transaction COMMIT has failed errors for AgentInstance in smps logs
[CreateObject][ERROR][sm-xpsxps-00540] Previous error occurred on object "CA.SM::AgentInstance@PS-agent" [CommitOrTestRollback][ERROR][sm-xpsxps-00740] XPS Transaction COMMIT has failed. [CreateOrUpdateImpl][ERROR][CA-SM-Assert] Assert failed: Commit
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1596363

Could not find service provider information for sp/idp
Exception while attempting to retrieve passwords: java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.JceSecurity at javax.crypto.Cipher.getInstance(Cipher.java:643)
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1446925

Post Preservation going into loop when going to the Cookie Provider
This technote discusses the limits of using and configuring a Web Agent to act as Cookie Provider
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1580684

How Webagent select the Policy Server where it will send request ?
This tech doc explains how the WebAgent selects the PS to which it will send a request. It does intelligent round robin.
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1351868

How to troubleshoot Failover/Failback between Web Agent and Policy Server?
If you experience Failover/Failback, you may want to check why. You need to use the AgentConMgr.conf and decompose by PID/TID to check each individual thread.
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1983777

Set-Cookie: SMSESSION=LOGGEDOFF missing from the response on a log off request
LogoffUri not working
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1494272

SPS is not able to connect to backend
Connection refused remotely, no process is listening on the remote address/port
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1369467

Can we have two Apache web servers protected with two Web Agents on the same server?
This document enumerates the conditions to have two different Apache web servers with two different Web Agents on the same box
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1012216

Performance Impact of Password Policy settings
Password policy influences performance because it causes writes to the user store.
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1210052

How to handle certificate authentication when UID is mapped to UserID or Email Address?
This technote discusses a workaround to make certificate authentication succeed when the UID should be found in more than one attribute.
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1074295

How to configure the Policy Server Registry Key EnableSearchFilterCheck?
This technote discusses the details of the registry key EnableSearchFilterCheck and its possible values.
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1630034

Can access existing session from different browsers after Session Assurance setup
This document describes how to properly test the Session Assurance feature and explains why some tests could fail
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1392984

SiteMinder WebAS ERP Agent connectivity issues
We are observing intermittent SAP ERP agent connectivity issues with the Policy server
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1664939

username in smtoken being encoded
username in smtoken being url encoded during password change process.
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1867466

About the taskpersistence folder under the derby folder.
What info is contained in the derby folder under the adminui install path?
Last Update: 2016-09-29    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1544737

How can we achieve high availability for Kerberos authentication?
Kerberos auth: creating keytab files using the FQDN for the smps service, noting that the service MUST be resolved by DNS forward and reverse. We have two policy servers and no option to add load balance service names in the Kerberos authentication scheme.
Last Update: 2016-09-28    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1213853

How to get more information if CA Access Gateway (SPS) is failing SSL connection with back end ?
Tips to troubleshoot SSL connection between SPS and Backend : use -Djavax.net.debug=all
Last Update: 2016-09-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1950639

About the content of messages when XPSImport is executed.
About the meaning of the messages that are output when the XPSImport command is executed.
Last Update: 2016-09-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1246825

 

Policy Server cannot connect to CA Directory through LDAPS when using TLSv1.1 only
This document shows the configuration parameters needed to be done in CA Directory to support TLSv1.1 for CA SiteMinder Policy Server connectivity.
Last Update: 2016-09-27    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1843713

How to validate SSO token
How to write a sample Java SDK agent to validate an existing SSO token (SMSESSION cookie)
Last Update: 2016-09-27    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1608436

XPSSweeper Auto Schedule not generating XPSSweeper log
Instructions/Best Practices on How to configure XPSSweeper Auto scheduling to generate XPSSweeper log
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1993675

Linux Smconsole java.io.IOException Cannot run program "null\system32\tasklist.exe" error
A console error happens when I start smconsole with policy server not running. If the policy server is running and I start smconsole, it comes up fine. The console error happens when I click the stop button.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1695471

Expression builder within Domain Policies do not work correctly
Trying to build a domain expression within the domain (domain policies edit policy expression edit) however, there are problems with the expression builder.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1924447

Policy server crashes after rule with response redirect
Rule for onAuthAttempt, and a response with WebAgent-OnReject-Redirect crashes policy server after the rule is hit.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1694225

Not able to start SessionLinker with apache WebServer
Using Session Linker with apache webserver there could be a problem on starting it because you are not sharing the /tmp directory.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1895555

How to migrate Affiliate domain from 12 SP3 to 12.52 using smobjexport and smobjimport tools
Migrate Affiliate domains from 12 SP3 to 12.52
Last Update: 2016-09-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1830083

SPS Server will stop servicing requests after some time when STS is deployed / enabled
Exception: java.lang.StackOverflowError thrown from the UncaughtExceptionHandler in thread
Last Update: 2016-09-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1467488

After Web Agent upgrade from 12SP3 to 12.52SP1, the .fcc page shows its code instead of the login page.
This technote discusses the solution for the .fcc code that could be shown in the browser instead of the login page.
Last Update: 2016-09-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1978163

Issues with using Regular expression in domain
We have many applications and webservices coming in. We tried to reduce the work by using regular expressions, however it is not functioning correctly.
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1132122

XPSSweeper Output question
We see three numbers being displayed after running XPSSweeper. We want to know what they mean.
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1530309

Users not Getting Authorized
We are unable to login, with no errors being reported in the logs. Disabling Single-Sign On allows the user to access the application.
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1126741

Report Server & Audit report connections details
Where are the report server connection and audit report connections stored?
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1843996

Why is my SSL-enabled apache not starting with a message stating "cannot read password from file" ?
Having ssl-enabled apache in SPS using a server key and certificate, the http daemon fails to start with a message about a failure to read password from file
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1556076

TAI Connector configuration
Do we need to install the SiteMinder Agent for IBM WebSphere v12 to get this TAI connector functionality enabled?
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1917158

How to configure APS Forgot Password (FPS) Interface
Steps to configure APS FPS interface
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1323498

SPS is not starting after applying the workaround solution for XXE (XML External Entity) vulnerability
ProxyServer initialization failed;Caused by: org.apache.catalina.LifecycleException: Failed to start component;Caused by: org.apache.catalina.LifecycleException: A child container failed during start;InitCatalina failed ('Failed to start component [Standa
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1840176

How much is the max length (in characters) of a SMSession cookie?
The SMSession cookie length is not fixed. The SMSession cookie will generally be between 800 bytes and 1K.
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC588181

Unable to start CA SPS Services after enable httpd SSL
SPS unable to startup after enable httpd ssl with error unable to read pass phrase
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1551985

Import certificate failed in WAMUI causing no certificate displayed in WAMUI
Import certificates failed causing two certificates with same alias in certificate store
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1326351

smobjimport invokes XPSSweeper when it is successfully completed.
This article explains the specification of smobjimport functionality in r12.5x.
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1067866

Encrypted Active Response
How to send and consume encrypted active response
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1703842

How to configure Open Format Cookie and consume it
Send and consume open format cookie
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1487052

x509 Cert mapping case sensitive
defect - certificate mapping is case sensitive if custom expression mapping is used
Last Update: 2016-09-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1730883

 

X.509 Cert Authentication with Apache Agent
How to configure X.509 cert authentication with CA Single Sign-On Web Agent on Apache web server
Last Update: 2016-09-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1741628

Workaround for XXE (XML External Entity) type attack
XXE (XML External Entity) type attack
Last Update: 2016-09-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1051415

Kerberos authentication using AES256 encryption
Use case: Linux policy server, Secure Proxy Server, windows 2008R KDC configured with Kerberos authentication using AES256 SHA1 encryption
Last Update: 2016-09-16    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1940867

Kerberos authentication using AES 256bit encryption failing
Deployment use case Secure Proxy Server 12.52 SP1 Linux with policy server 12.52 SP1 also on Linux implement Kerberos Authentication using AES 256 bit encryption against Active Directory KDC
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1921291

Key Management tab is missing
Key Management tab is missing in adminui; how to add Key Management tab in adminui
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1702097

Failed to initialize event handler library error
Failed to initialize event handler library "/opt/CA/siteminder/lib/libEventIntroscopeprovider.so"
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1748102

Required Linux Libraries for Web Agent r12.51 CR06 or later (64-bit) on Red Hat 7.x (64-bit)
This article explains the installation requirement for newly certified platform.
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1450842

How to change the admin password with Federation Manager ?
You may want to change the admin user password to login to the FedMa adminUI, please use XPSConfig
Last Update: 2016-09-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1529369

Temporary password
Is there a SiteMinder API that will create a temporary password which expires after 24 hours if not changed?
Last Update: 2016-09-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1411884

OAUTH Partnership Error Dispatcher object thrown unknown exception while processing the message
Dispatcher object thrown unknown exception while processing the message. Message: Connection timed out: connect Exception occurred while message dispatcher (srca) object trying to send SOAP request message to the SAML producer
Last Update: 2016-09-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1584113

Support for TLS 1.1 and TLS 1.2 on CA Access Gateway (formerly CA Secure Proxy Server)
support for TLS1.1 and TLS 1.2 on SPS; do we support TLS 1.1 and TLS 1.2 on SPS ?
Last Update: 2016-09-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1873991

Can't stop AdminUI service properly.
When the customer stopped the AdminUI service, the Windows service manager error below occurred, and the service could not be stopped properly.
Last Update: 2016-09-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1319367

Juel Expressions in SAML Assertions
Juel expressions are not working
Last Update: 2016-09-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1945124

Failed to create delegated GSSAPI token on behalf of HTTP/server03.domain.lab@DOMAIN.LAB for smps@server02.domain.lab: Minor Status=-1765328377, Major Status=851968, Message=Server not found in Kerberos database
While setting up kerberos authentication, I am getting "Server not found in Kerberos database" in the web agent trace log file.
Last Update: 2016-09-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1214508

KDC has no support for encryption type while getting initial credentials
We are trying to setup kerberos on siteminder and running into the following error. kinit: KDC has no support for encryption type while getting initial credentials
Last Update: 2016-09-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1213796

SiteMinder Policy Server failed to load JVM library.
Failed to initialize tunnel service library 'smjavaapi'. SmJavaAPI: Unable to get a JVM environment.
Last Update: 2016-09-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC477998

Password Data should be set to 0?
This document explains the Password Data attribute type and why it cannot be reset by a third party by setting the field manually.
Last Update: 2016-09-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1167658

SDK Agent cannot decode SMSESSION Cookie after rolling 3 Times the Agent Keys
This technote discusses the behavior of the decryption when Agent Keys are rolled.
Last Update: 2016-09-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1853933

 

Please note that you can always access the full list going to the following link:

CA Single Sign-On 

 

Best Regards,

Ujwol Shrestha

Principal Support Engineer

CA Technologies

News & Announcements

General Availability Announcement for CA Privileged Access Manager Server Control

End of Support Announcement for CA SSO r6 Agent SDK

End of Support Announcement for CA Single Sign-On Agent for SAP ITS 5.6

The CA World '16 Session Catalog is Now Live!

 

Tech Tips & Support Docs

Tech Tip : CA Single Sign-On :Policy Server:How to encrypt password in Sm.registry file without using SmConsole

JasperSoft NT Service for IMAG (Apache Tomcat)

Tech Tip : CA Single Sign-On ::What information is stored in the SMSESSION Cookie

[SLIDES] Why Upgrade to CA Privileged Access Manager Server Control

Tech Tip - CA Identity Management and Governance Last week's Knowledge Documents

Chat Transcript: Office Hours for CA Privileged Access Management [AUGUST 2016]

Cloud Web Services to/from Identity Management

Tech Tip - CA PAM: RDP Application

How to enhance Task Persistence DB performance when running on Oracle 11gR2 DB

CA SSO : RHEL7 and Semaphores

Active Directory 1000 page limit and ldapsearch -E option

 

Videos

Simplifying Secure Server Access Control: Why Upgrade to CA Privileged Access Manager Server Control

 

Answered Questions

sm-xpsxps ERRORS after upgrade 12.5 SP3 to 12.52 sp1

Moving policy objects configuration to other environments

CA PIM 12.9 - Session Recording

Causes for outage due to trusted host issue

 

Open Questions

Click on a thread below and help 'em out!

smconsole not launching in xwindow display

SSL Error

IWA server startup issue

SMPUBLISH in remote server

Siteminder 12.52 CR04 Admin UI

What are the possible scenarios Siteminder returns 401 response?

How to read objectGUID / binary attribute

IDM Question & answers data migration from prov to user store (CA Directory)

List account report ldapsearch or etautil

Can we get a proper documentation for identity manager TEWS integration with Siteminder. This is the part of our identity portal integration with identity manager, where in identity manager we are using custom Active Directory Authentication module. Custo

XPSImport does not show federation objects

SiteMinder parallel upgrade R12SP3 to R12.52SP02

 

New Ideas

Click on an idea below and vote it up or down!

Allow offline download of CA PAM Client

Load Balancing capabilities for CA Access Gateway (formerly CA SPS)

Command line options for Policy server management console (smconsole)

Additional User Account Details in CA PAM

HP Tipping Point IPS appliance is incompatible with Xceedium

Filter for “Privileged Accounts” report

Ability to assign multiple target account under policy(transparent login)

Adding the user name in the PID request form

Unable to integrate Mcafee Web Gateway Web Portal with CA PAM 2.6

Account name on the request form

No Risk Authentication with Valid SMSESSION

Support for a modern HSM within Auth/RiskMinder

Support for vCenter Server 6.0 and PAM integration

Remove JBoss/Tomcat Agent limitations for modern Java applications

Enhancement Request for PeopleTools 8.55 ERP Agent

Support for Bluecoat SG Proxy 6.2.12.3

 

Upcoming Events

Click on an event below to RSVP and add it to your calendar!

Bridge Your Journey to the Cloud with Identity-as-a-Service [AUG 23]

CA + You: Solving Your API Challenges [AUG 24]

Office Hours for CA Single Sign-On: A Live Online Chat [AUG 25]

Payment Security: Aligning to a Broader “Digital Business Transformation” Agenda Panelists [AUG 31]

CA World '16

 

Thanks for answering questions this week...

justin_leong

Ujwol

GwanYu_Kim

wonsa03

News & Announcements

 

IMAG:  Active Directory Lab Env. with SSL/TLS Certs

G1GC (JVM Garbage Collection) for Identity Governance Wildfly

IMAG SQL Server Maintenance (Free)

 

Tech Tips & Support Docs

Tech Tip : CA Single Sign-On :: Policy Server:AgentConnectionMaxLifetime read multiple times from policy store

Tech Tip - CA Identity Management and Governance Last week's Knowledge Documents

Tech Tip : CA Single Sign-On :X.509 Cert Authentication with Apache Agent

Tech Tip - How to trace ActiveX for PIM Autologin

Tech Tip - CA Single Sign-On: Error 81 against AdvAuthExternalLDAPDir user directory

How to configure CA PAM to manage one unix account with another

Answered Questions

Does Splunk Webportal works via CA PAM?

SiteMinder r12.52 SP1 CR05 smkeyimport command error/failed 

CA Advanced Authentication with Siteminder

How-To Rollback Connector server.from SP4 to SP2

CA PAM - Endpoint connectivity

etautil for update account template in AD

SM Session Cookie not generated 

IWA for weblogic

Password Policy in Siteminder

Monitoring connection to 'XXXXX' failed. Retrying... no free connection for agent host 'XXXXX'

I am the idp and getting error message after adding encryption cert,

Executing SP garbageCollectTaskPersistence from a SQL client Or from a batch script

SM_EVENTID=13,Visit?

Secure Proxy - Issues post installation & configuration

CA Directory does not store DN value

Siteminder oAuth2.0 Implementation

Separate Key store from Policy Store

 

Open Questions

Click on a thread below and help 'em out!

 

Triggering Policies from BLTH

Variables in PIM

SSO Web Service Agent r12.52 SP1

Can we build a policy that only applies to employees at the firm <90 days?

XPSIMport fails during patching

IDM TaskPersistence DB Cleanup

General Advanced Authentication

smpolicysrv LAST_MESSAGE_TIME value

 

New Ideas

Click on an idea below and vote it up or down!

Expand RDP Window in CA PAM

CA SPS : STS : Automate Logging Configurations

CA SPS : STS : CheckPoint Logging

Protect IDMMANAGE

Enable web agent to handle Ajax 302 redirects to validate 3rd party cookie domain

upgrade progress

Password Management into PAM Dashboard

Allow download of CA certificates and CRLs

Remove CRL Requirement for Server SSL Certificates

GM - Add scheduling to Share My Work

Configurable LDAP lookups on import

Enhance visibility of the Pending Area for Certification tasks

Publish and Unpublish certifications tasks

 

Upcoming Events

Click on an event below to RSVP and add it to your calendar!

Office Hours for CA Privileged Access Management: A Live Online Chat [AUG 18]

Bridge Your Journey to the Cloud with Identity-as-a-Service [AUG 23]

Office Hours for CA Single Sign-On: A Live Online Chat [AUG 25]

Payment Security: Aligning to a Broader “Digital Business Transformation” Agenda Panelists [AUG 31]

CA World '16

 

Thanks for answering questions this week...

Ellery

wonsa03

Ujwol

KennyV

lutch01

SumeetM

Kevin19

mcdju01

Chris_Ryan_Thomas

Sharana

News & Announcements

Register for CA World '16 | November 14 – 18, 2016

CA Privileged Access Manager 2.6.x: Administration Foundations 200

DocOps--Custom PDFs and ePubs are now Available

Community Hack - Assigning Labels to Connections

 

Tech Tips & Support Docs

Tech Tip - CA Single Sign-On: Policy Server fails to locate certificate in smkeydatabase

Tech Tip - CA Identity Management and Governance Last week's Knowledge Documents

Tech Tip - Discover Privileged Account Wizard (No Endpoint Options) 

Chat Transcript: Office Hours for CA Advanced Authentication [AUGUST 2016]

Tech Tip - CA Single Sign-On: Name Identification for assertion

Tech Tip - CA Single Sign-On: "Unable to verify tryno count" error

Tech Tip ::Authentication Behavior when multiple users have same UID

Tech Tip : CA Single Sign-On :: Policy Server:How to Configure Enhanced Session Assurance

Tech Tip : CA Single Sign-On :: CA Access Gateway:How to troubleshoot Advanced Authentication Flow Application (Session Assurance)

Tech Tip : CA Single Sign-On: R12.52SP1CR5 Policy server crash when load JVM

[SLIDES] Week 6 - AWS Controls

SSO Hardening & Session Security

 

Videos

Privileged Access Management: Supplementing with fine-grained Host controls

Privileged Access Management: Securing the Cloud

 

Answered Questions

Error while importing policy store

PERL API - how to get the responses of a rule within a policy

Does CA Single Sign-On 12.52 support a load balancer between Policy Server and ADLDS Policy Stores?

How redirect an alert to another software

Change password SAML

PERL API Setter Method Not Working

Task Session ID (or other unique task ID) in PX?

PIM12.9SP1  TLS

WSFED Resource Partner Entity ID Not Showing in "Local Identity Provider" Drop-down List

 

Open Questions

Ldap and OTP

CA PAM 2.7 release schedule?

CA PAM - VIP requirement

CA Strong authentication-Invalid password format

Deploying AFM Wizard using WebLogic Application Server

 

New Ideas

Default PCP(Password Composition Policy) to view

Enhance the CA Single Sign On WebSphere Application Server Agent to allow HTTPONLY cookies

Enhance the CA Single Sign On WebSphere Application Server Agent to allow SECURE cookies

Control the Concurrent Users Logged to PAM

Session Recording: Live View

Enhance the CA Single Sign On WebLogic Application Server Agent to allow SECURE cookies

Enhance the CA Single Sign On WebLogic Application Server Agent to allow HTTPONLY cookies

ASP.NET Core Support 

Precise Time/Date setting for Audit Logs

Ubuntu 14.04.1 4.2.0-27-generic support for PIM 12.8 SP1

DB2 Purescale support from PIM

Make the Policy Server PERL API complete.

Application and Directory Isolation

Move Registry settings to UI

Log File type 

Security Issues with Error Messages

Feature to run script on RDP log in and out

 

Upcoming Events

Self-Service Support Webcast: Featuring KB Articles [Aug. 9th]

Simplifying Secure Server Access Control: Why Upgrade to CA Privileged Access Manager Server Control [AUG 16]

Office Hours for CA Privileged Access Management: A Live Online Chat [AUG 18]

Office Hours for CA Single Sign-On: A Live Online Chat [AUG 25]

Payment Security: Aligning to a Broader “Digital Business Transformation” Agenda Panelists [AUG 31]

 

Thanks for answering questions this week...

Ujwol

wonsa03 

Karmeng

RobM

Manjari_Gangwar

william.k.lee

GwanYu_Kim

News & Announcements

Training Available - CA Identity Suite 12.6.8: Implementation Foundations 200

Register for CA World '16 | November 14 – 18, 2016

 

Tech Tips & Support Docs

Tech Tip : CA Single Sign-On: WAMUI R12.52Sp2 not install as Windows service when install in D drive

Tech Tip : CA Single Sign-On :X.509 Cert Authentication with IIS Agent

Tech Tip - CA Identity Management and Governance Last week's Tech Docs

Big Data in Cybersecurity [SLIDES]

Tech Tip - CA Privileged Identity Manager: Changing the IP Address from ENTM Server

Latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder) [29/7/2016]

[SLIDES] Week 5 - Fine-Grained Host Controls

Chat Transcript: Office Hours for CA Single Sign-On [JULY 2016]

Tech Tip : How to create self signed RootCA/Server/User Certificates using OpenSSL

Tech Tip : CA Single Sign-On: How to manually uninstall IIS web agent

Tech Tip : CA Single Sign-On: Unable to startup apache server with libsmerrlog.so error

 

Videos

Big Data in Cybersecurity

 

Answered Questions

Access Role not getting removed from console

ACO ProxyHeaders Parameter

Sending Multi-valued attributes in assertion

CA Directory R12 Sp18 Backup and Restore plan

CA PAM - Windows Proxy

Session Assurance - SessionDNA

multiple rule for same realm

how to install and configure ca directory?

How to start using Siteminder API?

Syncing real time data between Active Directory and CA Strong Auth DB (SQL Server)

Flat File Connector xpress: Customer don't see "Manage Connector Server"

What are privileged accounts?

Copy Policy Server to a new machine

Repository for authorization

auth scheme usage

What are the secure SiteMinder HTTP Header to pass to Protected Back-end Server (Jboss)

Looking for documentation or examples to setup SiteMinder r12.52 as an Oauth2 client to access Google account

Update Attribute of a Specific User

Accessing Auth/auth repository using webservice

Policy Server (redhat) with mssql

Disable Riskminder

Web Agents misbehave after running for days

Use perl to modify Html Form Template based auth scheme

smps.log on newly installed r12.52 SP1 CR05 policy servers indicates that policy server is restarting by itself periodically

CA PIM - Installation prerequisites

DLP vs email ingestion

 

Open Questions

Need to have document of events being sent from CA PAM to syslogs

Convert SMSESSION into LTPA

Data Sync between AD and Strong Auth DB (MS SQL Server)

CleanUp Submitted task failed with unique constraint violation in CA identity Minder12.6.5

How Target URL is set in Login.fcc page?

I have a question,   We have created 3 Campaign Managers  ( Manager 1 ,Manager 2 & Manager 3) apart from AD1\eADMIN who is the real administrator . These 3 Campaign Managers have similar power of AD1\eADMIN but they can’t enjoy the full power of an Admin.

PIM 12.9SP1 Install issues?

SelfService with no questions

 

New Ideas

Allow SAML integration when IDP and SP on the same domain

Header for the Idle Timeout Value left in a CA SSO Session 

Create document that identifies CA PAM events being sent to syslog

Add Fields to TCP/UDP Service Fields

Allow XPSExplorer to delete objects and all of its links

Identity Portal: Allow to rename first column "Name"

Identity Portal: Sort by column

Identity Portal: Cannot order column in certification screen

Add additional logging for replication cache

ODBC policy store: Agent Configuration Attribute value should allow over 4000 characters.

IM Support for ACF2 R16

<Device Name> or <Remote IP> option

Allow assigning user to more than 10 PM groups

RHL 7 compatibility

Ability to modify jpg within Credential Provider

Allow PX to update attribute(s) of specific user

Resource or user settings attributes displayed

Pre-define "Group By" attribute in certification screen

Autologon through access method Mainframe with CA PAM

A UI authenticate administrator based on LDAP or AD group

CA PAM :Ability to assign tags for Device Groups imported from LDAP

 

Upcoming Events

Office Hours for CA Advanced Authentication: A Live Online Chat [AUG 2]

Privileged Access Management: Securing the Cloud [AUG 5]

Simplifying Secure Server Access Control: Why Upgrade to CA Privileged Access Manager Server Control [AUG 16]

Office Hours for CA Privileged Access Management: A Live Online Chat [AUG 18]

Office Hours for CA Single Sign-On: A Live Online Chat [AUG 25]

 

Kudos!

Thanks for answering questions this week...

Sagi_Gabay

Ujwol

wonsa03

Marline_ODea

prira01

liuho03

Enrique_L._Torres

Warren_Barrow

KennyV

Renato_Pioker

genda03
vkaneriya

Karmeng

Sharana

Patrick-Dussault

lutch01

Bill_Peterson

Registration for CA World '16 is now open.

 

The CA World team has done an amazing job building upon the success of last year's event, while enhancing the programming in response to your feedback. CA World is your opportunity to gain valuable, actionable knowledge and insights to help your company get an advantage in the application economy. New this year, attendees will enjoy:

 

  • 100% More Pre-Conference Education
  • CA Agile Academy with related certifications
  • CA Agile Bootcamp
  • CA Product Certification
  • Design Zone
  • Innovation Exchange
  • Development Track


Visit the CA World '16 website to explore the Pre-Conference Education offerings, learn Why You Should Attend and to View the Agenda.

 

 

You need to add new digital services and improve your customer experience without compromising security. Learn how to mitigate data breaches and protect your customers and employees with a proactive approach to cybersecurity.

 

CA Products and Solutions Covered:

  • Authentication
  • IAM-as-a-Service
  • Identity Management and Governance
  • Payment Security
  • Privileged Access Management
  • Single Sign-On

 

Ready to join us November 14-18 in Las Vegas, Nevada?

Register by September 16 and get our Super Saver rate of $1,295. That's a $700 savings off our regular rate!

 

CA World Alumni: Look for an email next week with a code for a special discounted rate of $1,000