What’s New & What’s to Come in CA Single Sign-On 12.8
The latest version of CA Single Sign-On (CA SSO), 12.8, brings advancements in application integration support, OpenID Connect and security capabilities so you can more easily and securely manage your modern application environments.
Join the CA SSO product team for an overview of the new functionalities in CA SSO 12.8, that will enable you to control access to an expanding portion of your application environment, such as OpenID Connect based applications running on-premises or in the cloud.
Additionally, the session will include a sneak peek ahead to the development themes in CA SSO that will soon be visible on Validate.CA.Com as the next release is developed.
Presented by Herb Mehlhorn Advisor, Product Management (CA)
Managing CA Single Sign-On with CoreBlox’ ToolBox in an App Driven World
Identity authorization and access control is a key component of building your Modern Software Factory. To achieve that end, reducing operation risk is critical to your CA SSO solution.
In this webinar, you will learn about the fabric of policy management and how to minimize risks through the policy promotion and manage process with tools such as CoreBlox’ ToolBox for CA SSO. The discussion will include how to create a policy standard and simplify upgrades with a migration framework across solution tiers CA SSO versions, and how CA SSO and CoreBlox’ ToolBox enable you to partner with application owners to achieve a modular framework where identity is key.
Presented by Herb Mehlhorn (CA), Todd Clayton (Coreblox), Ben Stroud (Coreblox) and Chad Northrup (Coreblox)
After upgrading an SPS server from 12.52 sP1 CR5 to CR8 the server will not start. The following message is displayed in the server.log file [19/Apr/2018:14:02:58-937] [FATAL] - No ROOT context found. [19/Apr/2018:14:02:58-952] [ERROR] - InitCatalina failed ('Failed to start component [StandardServer]') [19/Apr/2018:14:02:58-952] [ERROR]…(Show moreShow less)
Hi Matt, I have had that happen too, it might be related to unistall/install without rebooting, sometimes if somethign is in use it seems to defer it until restart time. After a fair bit of searching I found : For the tomcat service in SPS it can be registered via : SmSpsProxyEngine.exe -service default An unregistered via…
Hello Everyone, I need some clarification on LDAP load balancing and failover configuration setup on a siteminder environment. Here is the current setup we are having in our production environment. Load balancing: Failover Group: Server 1 Server 2 Server 3 Failover Group: Server 4 Server 5…(Show moreShow less)
My comments inline. Using the same servers in the same order in the Failover groups 1 & 3 might not be a right configuration on our side. But using the same servers in different order in Failover groups 1 & 4 may be a okay i think. Ujwol => Correct. As the idea is to load balance the request among all your available servers, it is best that…
We have setup CA SSO which is taking credentials from the login page which in turn passes the request to webagent and policy server. But what we analyse is user getting credential not matched error although the those are correct. We have tried debugging the code by printing password for user which is also fine when it passes from application to…(Show moreShow less)
What is your user store ? Have you configured multiple user stores as authenticaiton directory ? The user will be authenticated against the first directory the user is found. The first thing I will do is look at the policy server trace logs (enable all components and data) and check why the user is not authenticated. Usually it would give the…
Does anyone have any insight on how to integrate Siteminder with DUO's MFA Service? We would like to leverage our current FCC form for primary authentication and then present the user with an IFrame with the DUO prompt for secondary authentication. Thank you for your help and insight.
Hi, Our CA SSO Policy Server experience from time to time a Busy Threads leak that goes up to 100 threads and we are having a hard time finding the root cause of this. We are suspecting LDAP latency but to get more help from our AD support team we need to give them a little bit more information on wich LDAP server that might cause the…(Show moreShow less)
Hi, SElinux is default enabled on RedHat and trying to install and start the WebAgent running on Apache will therefore fail. Product installation guide don't mention anything about SElinux and you have to figure it out by yourself. I would like following enhancement request: 1) Documentation: SiteMinder installation guide should tell how…
I would like following enhancement request: 1) Documentation: SiteMinder installation guide should tell how to configure SElinux to work with SiteMinder Webagent. 2) "Out of the box" configuration: SiteMinder agent installation should "out of the box" deploy a SElinux policy that enables SiteMinder Webagent to work in SElinux environment in…
Team, We have a requirement to build a custom expression to get the user detail from the certificate for certbased authentication. We have to read the subject alternate name to build the user dn. Eg: User certificate contains subject alternate name value as "Other Name: Principal Nameemail@example.com" in my custom expression i need…(Show moreShow less)
The CA Services Global Deployment team's Advanced Certificate Authentication Scheme (ACA) can handle this use case. It provides access to the subject alternate name Other Name: Principal attribute and also provides a regular expression filter mechanism that can pull out the username value from the email address. The certificate authentication…
Hi Team, In one of our environment, we recently migrated from 12.5 Policy store to 12.6. Few of the application were kept pointed to the existing 12.5 store and few were pointed to the new 12.6 store. We synced the key-store for both env by taking an export from existing store and importing it into the new one. SSO was working fine. After…(Show moreShow less)
I suspect that Sharana's comment is correct. My recommendation is that you export your R12.5 key store data and install it into standalone key store. Remove the key store data from both the 12.5 and 12.6 policy stores. Point both the 12.5 and 12.6 environments at the standalone key store. Also, switch from having one 12.5 policy server doing key…
Hello,I have recently been facing the issue above when trying to redirect any user from my WebAccess Controlinfrastructure to my Web Access Management Infrastructure in order to be authenticated with a higher Authentication LevelIn fact the first user gets authenticated and then got an SMSESSION with an authentication Level of 5.After that the…(Show moreShow less)
To kill an SMSESSION cookie you just need to set a new cookie with the name SMSESSION and a value like "Logged Out", with / as the path and appropriate domain. That will overwrite the existing SMSESSION cookie with a value that the web agent will reject.