The scope of this document is to provide the steps necessary to configure CA Single Sign-On R12.52 SP1 to protect the ‘Global Settings’ page, with CA Directory as the user store.
1. CA Single Sign-On: Administrative UI >> Infrastructure >> Agents >> Agent
   Create an Agent object.
2. CA Single Sign-On: Administrative UI >> Infrastructure >> Agents >> Agent Configuration Objects
   Create an Agent Configuration object as a copy of ‘ApacheDefaultSettings’, updating DefaultAgentName, HttpsPorts, GetPortFromHeaders and LogoffUri.
3. CA Single Sign-On: Administrative UI >> Infrastructure >> Authentication >> Authentication Schemes
   Create an HTML Form authentication scheme referencing pamlogin.fcc.
4. CA Single Sign-On: Administrative UI >> Infrastructure >> Directory >> User Directories
   Create a User Directory object referencing the CA Directory instance.
5. CA Single Sign-On: Administrative UI >> Infrastructure >> Hosts >> Host Configuration Objects
   Create a Host Configuration object referencing the Policy Server.
6. CA Single Sign-On: Administrative UI >> Policies >> Applications
   Create an Application and associate the user directory created in Step 4 with the Application.
   Create a Component to protect the ‘Global Settings’ page and associate the authentication scheme created in Step 3 with the Component.
   Create Resources with GET and POST actions.
   Create Roles that include all the users who are allowed to access the protected resources.
   Create Policies to associate the Roles with the Resources.
7. CA PAM: Config >> CA Modules
   Define the CA Single Sign-On Configuration.
8. Save the configuration and restart Apache.
If you get a blank page after CA Single Sign-On login, or the CA Single Sign-On login page does not respond, ensure that you have logged in to CA PAM using the CA PAM server’s FQDN.
‘Login failed: unknown reason’ (from CA PAM Client) OR ‘Internal Server Error’ (from web browser UI) after Apache restart for CA Single Sign-On integration.
‘Checking for update failed. Reason: Server returned HTTP response code: 500 for URL: https://<PAM_FQDN>/client/structure.php?os=win’ (from CA PAM Client) OR ‘Internal Server Error’ (from web browser UI) when users attempt to access CA PAM with CA Single Sign-On integration enabled.
Ensure that CA Single Sign-On Policy Server is up and running.
This usually happens when you disable CA Single Sign-On and then attempt to re-enable it (with the same settings as before) from CA PAM.