Simplify Access for Single Page Apps with OpenID Connect
Single Page Applications (SPAs) are the preferred style of applications for providing a responsive user experience to your customers. That’s why you need a modern access management strategy that’s easy to use while also enhancing your security and end-user’s experience. Queue OpenID Connect.
Join CA Security product leaders Herbert Mehlhorn and Ravi Kanukollu on August 23rd for an overview of how CA Single Sign-On incorporates support for OpenID Connect to simplify access for Single Page Applications, with topics including:
Step-up authentication Implicit flows Attribute mapping Introspection endpoint, and more
Deliver the superior digital experience your end users want, with the cost-effective infrastructure that your business needs.
Here I have detailed the configuration to configure CA Single Sign On 12.8 as OpenID Connect provider. Please help us to move ahead. I am not sure what I am missing here. I have followed below link to configure openid authorization provider with apache client. CA SSO OpenID Connect Provider - with Apache OpenID Client Authorization…(Show moreShow less)
Hi Suhas You wrote : I assume, if /affwebservices/secure/secureredirect is not protected, we will not be challenged for authentication. However, we are getting challenged for authentication with basic authentication and then we are seeing that encryption issue. I's probably best to look at the webagenttrace.log to confirm what actually…
I am trying to import a signed certificate so that SPS can communicate with https on the backend server and I am receiving a "Failed to load keystore" error in the server.log. (see attachment) I am assuming that one error is preventing me from using https. Any ideas on what could be wrong or step that I may have missed to complete the SSL…(Show moreShow less)
Hi wasja02 It may be best to open a support case - it used to be a bit tricky and you had to get the steps exactly right - I remember trying to debug it to figure out the exact steps - but those look to be the ones you have. But also recently (12.8) the SPS changed to use bouncy castle crypto provider, not RSA cryptoj and there have been…
It's great that we have such vibrant communities to get quick answers to questions and gain product knowledge! We have very active members jumping in to help others out all the time. The goal of the communities is to respond to every members' question so that no one goes away "empty handed". Shoutout to the following members who provided tips…(Show moreShow less)
Hello, We are trying to apply Siteminder/Single-SignOn to an existing web/.net application running on IIS and running under a custom domain Active Directory Windows account as the AppPool identity (integrated pipeline mode). The Siteminder webagent setup is done to our knowledge, however we find that the application breaks at the first SQL…(Show moreShow less)
Thanks. I tried these options: 1. Webagent turned off with Windows Authentication enabled: I am getting the same error. The application is identifying the incoming user (httpcontext.user) as the AppPool identity instead of the custom domain AD service account set in the IIS Windows Authentication app pool identity attribute. 2. Webagent turned…
The policy servers (12.52 SP2 CR01) are hosted on Windows 2012 servers in our infrasturcture. Coud you please let us know if there are any Siteminder API's to enable or disable the policy server trace? If there are any, please provide the details of the same.
Another option that could be used is a Powershell script to modify the registry remotely. We already have the necessary registry changes documented here: How to start SiteMinder smps trace without using S - CA Knowledge Hope this helps!
Hi, I have a response with <%userattr="memberof" %> Pulled out AD of user group1^group2^group3^ The user has 20 groups. It works perfectly in SM 12.0x environment. But when we move to 12.7 environment. Only 1 group is pulled out. Sometimes no group is pulled out. Is it a known problem? Is it a configuration problem? Or something…(Show moreShow less)
I am trying to configure SPS and currently the flow isn't working correctly. Let's use frontend.com and backend.com/target for this example. Proxy rules is ... <nete:proxyrules xmlns:nete="http://frontend.com"><nete:forward>http://backend.com/target$0</nete:forward> 1.User types in frontend.com/ and login page is served as expected showing…(Show moreShow less)
Thank you Hubert for helping me understand how the proxyrules work with the $0 and $1. I was able to resolve the double /target issue by keeping the base server names in the proxyrules.xml and requesting frontend.com/target in the browser. So /target gets appended to backend.com.
Requested Change: Allow use of other forms based templates to chain to. Such as the "SecureID HTML Form Template". Issue: The current authentication chaining only allows selection of an "HTML Form" template. However, we also want to be able to chain to an RSA scheme, which is also just a normal form. This will allow clean fallback,…
Knowledge Document Title Summary URL SMAUTHREASON reason code document (Legacy_Onyx KB Id: 176074) SMAUTHREASON reason code document (Legacy_Onyx KB Id: 176074) https://comm.support.ca.com/kb/smauthreason-reason-code-document-legacyonyx-kb-id-176074/kb000054936 Is this normal that URL encoded chars %3C and %3E are blocked by SiteMinder…(Show moreShow less)