Skip navigation
All Places > CA Security > Blog > 2016 > February
2016

What happened in the CA Security Community? Here's a quick recap...

Getty_166499394_75.jpg

 

Tomorrow!

Join us tomorrow for Office Hours for CA Advanced Authentication: A Live Online Chat

 

News & Announcements

CA Support Mobile App for Case Management

Announcement End of “Full” Support for ObserveIT v5.6.9

View Submitted Task database queries

CA SSO Authentication on CA Identity Governance 12.6.4 using JBoss 6.x

 

Upcoming Events

Office Hours for CA Privileged Access Management: A Live Online Chat [Mar. 9th ]

 

Questions

CA SSO and JSON messages

The specified item was not found.

Which password policy gets triggered if we have a subset of user in a user Directory  part of two password policy.

Unable to load SiteMinder agent configuration object.

Performance issue when we do stress Load ,Need Help to solve this issue.

How UNAB authentication works for external applications?

IdMgr process engine misses work in Task Persistence DB

Approval e Rejection notification

Password expiration policy

is there a way to customize basic authetication to give 401  error after single authetication failure

questions related to impersonation

Updating SAML IDP Certificate for 50+ partnerships

Federation SP Cert Renewal on IDP

 

New Ideas

Click on an idea below to vote it up or down.

Support SMSESSION cookies passed on URL line

Ability to send email when endpoint account task completes

Automated check-in for expired exclusive check-outs after the user was deleted

Identity Manager enhancement request - DatePicker non editable field

UNAB cluster aware registration needed

CA Directory Enhancement - Health check and alert

CA Identity Manager Connector support for PeopleSoft Financials version 9.1

Add feature to disable certificate authentication

What happened in the CA Security Community? Here's a quick recap...

Getty_166499394_75.jpg

 

News & Announcements

Configuring an ALL-IN-ONE VM Image - Part 8

Tech Specs: New Features Coming with the 2016.1 Upgrade Tech Specs: New Features Coming with the 2016.1 Upgrade

Chat Transcript: Office Hours for CA Single Sign-On [Feb 18th]

CA Privileged Identity Manager Critial Alert

 

Upcoming Events

Office Hours for CA Advanced Authentication: A Live Online Chat [Mar. 1st]

https://communities.ca.com/events/2622

https://communities.ca.com/events/2620

 

Questions

SharePoint Integration with CA SSO(SiteMinder 12.52) for users accessing from external network without VPN

DSA_I3420 The DXgrid .db file failed to load as it contains the object identifier '(1.3.6.x.x.x)' which is not defined in the directory schema.

SiteMinder (SSO) Log Analysis / Analytics tool

SiteMinder WebAgents - Supports 4.x agents

CA Siteminder : Does changing HCO value needs restart of service?

PAM 2.5.x - LDAP import getting 9009 error

Setup OpenID Authentication Scheme (Google)

Authentication Protocol Service Management app mobile

SiteMinder 12.52 WAM GUI - https setup

Way to calculate time taken for the data replication

 

New Ideas

Click on an idea below to vote it up or down.

Data Protection: bulk audit enhancement - add comments and ability to use new issue option

Product Enhance Request

Need WSo2 App Manager Federation listed under RunBook

Option to change CAPKI for CA Directory Server

CA Directory installation with Unix Network Users

Enable/Disable on Profile Tabs

aas install fails with readonly home directory

Having consistent service scripts names across Secure Cloud Components

What happened in the CA Security Community? Here's a quick recap...

Getty_166499394_75.jpg

 

News & Announcements

Latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder) [2/15/2016]

Meet CA Support Engineer for Payment Security: Hoshiyar Singh Digari

Snapshot Tasks for IM 12.6 OOTB Reports (Excluding Audit reports)

Walk through of setting up Apache httpd on Redhat Enterprise Linux 6 for use as a reverse proxy/load balancer for a PIM 12.9/12.9SP1 ENTM and load balancing ENTM

CA Remote Engineer Webcast [SLIDES]

 

Upcoming Events

Office Hours for CA Advanced Authentication: A Live Online Chat [Mar. 1st]

Office Hours for CA Privileged Access Management: A Live Online Chat [Mar. 9th ]

 

 

Questions

Help for Policy Manager policy to be defined for POC

Configuring SiteMinder, Apache, VirtualHosts and multiple Policy Servers

OpenID Authentication Scheme - Google & Yahoo Provider - CA Single Sign-On (formerly CA Siteminder)

PS: Storing a password

CA Identityminder - Emails are getting triggered continuously

Convert responses to upper case out of box

Where are Snapshots in the SQL DB tables

Garbage Data in IDM Reports

CA SSO – Enforce Realm Timeout Question

Syncing attributes from ldap corp store to AD

 

New Ideas

Click on an idea below to vote it up or down.

Provide the ability to generate a PDF Report form the Verify GUI

Support for websocket on RHEL7/Redhat Apache 2.4 platform

User Count and User Type Report

Wild Card Search filter not working on DN Complex Type

Updated Audit Status on search panel without refresh

CA Access Management product line on Linux on Power 8

[IG] Manage IG Portal Authorization via AD Group membership

account unlock new tab in CM

What happened in the CA Security Community? Here's a quick recap...

Getty_166499394_75.jpg

 

News & Announcements

Latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder) [2/8/2016]

CA IAM Gets Strong Customer Reviews

Chat Transcript: Office Hours for CA Privileged Access Management [Feb. 3rd]

End of Support for ObserveIT v5.6.4 and v5.6.8 from CA Privileged Identity Manager

 

Upcoming Events

Office Hours for CA Single Sign-On: A Live Online Chat [Feb. 18th]

 

Questions

when will the new PAM available ?

insert unique identifier to smaccess log.

USB and Network folder data can monitor on save ?

IDM java task API and task invocation options

PIM: Transitioned Communication Password Change

Difference between SiteMinder ValidateAccept/Reject and AzAccept/Reject

Is CA Webfort 6.2.9 is compatible with Oracle12c? We are using data direct driver 6 for webfort and WebSphere 6 to connect with current Oracle database 11G.

OAuth Authorization Grant and Best Practices in a JEE Application Server

IM events triggered after an ADS account is changed

AD Connection Error

 

New Ideas

Click on an idea below to vote it up or down.

Remove CA Directory single core and single thread UPDATE limitation

Enhancement request for AssertionGenerate audit logging

Support OnAccessReject event for SSO federation partnership

CA PIM: Create group functions for ACL's

Need OverLookSessionX type of ACO variable that could key off of a request header such as XMLHttpRequest

Policy Server SiteMinder smaccess.log timestamps

SiteMinder password policy enhancement to help mitigate DoS attacks

IIS Webagent Reset when adding protection to new Site.

Posted by Ujwol Shrestha - Principal Support Engineer in CA Security on Feb 2, 2016

 

Envrionment :

  • Oracle HTTP Server 11g
  • Siteminder Web Agent : 12.5+

Step 1. Changes to httpd.conf file at <Instance Directory>\instance1\config\OHS\ohs1

 

1. Add LoadModule entry to the DSO Support Section

The following line(s) are added to the Dynamic Shared Object (DSO) Support configuration section, which precedes the Main server configuration section of the file.

LoadModule sm_module "<web_agent_home>/win64/bin/mod_sm22.dll"

Note:

The SiteMinder Agent requires one of the following modules in order to load:

Apache 2.0

LoadModule sm_module web_agent_home/bin/libmod_sm20.so

Apache 2.0 running on Windows

LoadModule sm_module web_agent_home/bin/mod_sm20.dll

Apache 2.2 running on Windows

LoadModule sm_module web_agent_home/bin/mod_sm22.dll

2. Add SmInitFile Entry

This entry is placed after the LoadModule entry that you added in (1). A full path is used, not a relative path.

SmInitFile "<Instance Directory>/instance1/config/OHS/ohs1/WebAgent.conf"

 

3. Alias Entries Added

In the Aliases section of the file, following entries are added to enable SiteMinder features.

 

Note:

The Alias /siteminderagent/ “<web_agent_home>/samples/” entry must come after all other aliases in the Aliases section.

 

AliasMatch /siteminderagent/nocert/[0-9]+/(.*) "<web_agent_home>/win64/$1"

<Directory "<web_agent_home>/win64/$1">

Options Indexes MultiViews

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/pwcgi/ "<web_agent_home>/win64/pw/"

<Directory "<web_agent_home>/win64/pw/">

Options Indexes MultiViews ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/pw/ "<web_agent_home>/win64/pw/"

<Directory "<web_agent_home>/win64/pw/">

Options Indexes MultiViews ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/ "<web_agent_home>/win64/samples/"

<Directory "<web_agent_home>/win64/samples/">

Options Indexes MultiViews

AllowOverride None

Order allow,deny

Allow from all

 

Step 2. Create WebAgent.conf file with the following content and copy it in <Instance Directory>\instance1\config\OHS\ohs1

 

# WebAgent.conf - configuration file for SiteMinder Web Agent

# Web Agent Version = 12.51, Build = 1402, Update = 07

 

LOCALE=en-US

 

#agentname="<AgentName>, <IPAddress>"

HostConfigFile="<web_agent_home>\win64\config\SmHost.conf"

AgentConfigObject="<aco_name>"

EnableWebAgent="YES"

ServerPath=""

#localconfigfile="<Instance Directory>\instance1\config\OHS\ohs1\LocalConfig.conf"

LoadPlugin="<web_agent_home>\win64\bin\HttpPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\Affiliate10Plugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\SAMLAffiliatePlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\eTSSOPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\IntroscopePlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\SAMLDataPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\OpenIDPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\DisambiguatePlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\OAuthPlugin.dll"

AgentIdFile="<Instance Directory>\instance1\config\OHS\ohs1\AgentId.dat"

 

Step 3. Create AgentId.dat file with the following content and copy it in <Instance Directory>\instance1\config\OHS\ohs1

 

GUID=000080fe0000000075939d10c0597d33-0bf0-5643dc86-0bf4-0339021c

(Specify unique GUID value for each of the Agent Instance )

 

Step 4. Change opmn.xml file at <Instance Directory>\instance1\config\OPMN\opmn

=======================================================================

Add following lines after

<ias-instance id="instance1" name="instance1">

<environment>

 

section

 

<variable id="NETE_WA_PATH" value="<web_agent_home>/win64/bin"/>

<variable id="NETE_WA_ROOT" value="<web_agent_home>/win64" />

<variable id="PATH" value="$NETE_WA_PATH;$PATH"/>

 

 

Note:

     1. All the sections within <> need to be changed with the actual path

     2. After making all these changes OS needs to be restarted.

 

Attachment:

All the sample files are attached for reference.

  

What happened in the CA Security Community? Here's a quick recap...

Getty_166499394_75.jpg

 

News & Announcements

Removing Microsoft Windows Server 2003 (x86) from CA Privileged Identity Manager endpoint support matrix

Upcoming Events

Office Hours for CA Advanced Authentication: A Live Online Chat [Feb. 2nd]

Office Hours for CA Privileged Access Management: A Live Online Chat [Feb. 3rd]

Community Webcast: Getting Started with CA Single Sign-On and CA Remote Engineer [Feb 11th]

 

Questions

Secure Proxy Server (Access Gateway) - How is it? What are your lessons learned?

Issues while Using SM Agent API from JBOSS 6.4

Can I have a support matrix for CA Siteminder with AWS cloud environment

Windows 2012 R2 web agent support

TEWS API Guide

How to cutomize url redirection  based on smsuthreason for basic authetication ?

virtual directory on IIS not reflecting changes

Site Minder features

Has anyone used the config\SMX509CertAuthSettings.cfg file for Client Cert Auth?

encrypting data in etautil script

failed login not logged on the aix endpoint.

 

New Ideas

Click on an idea below to vote it up or down.

ControlMinder providing SessionID through an ENV variable

Add new SAP R3 attributes to CA IDM SAP connector

SIteMinder Websocket support

Getting status of a Deployment

Writting logs

Better handling of idle TCP connections

Auditting details of administrators who cancel tasks in IM View Submitted Task

Better IM notification from Workpoint

Exchange 2016

CA PIM: enable end-user authentication to use AD DNS Service Records