Kristen Malzone (CA) Our product experts are standing by here in the WebEx chat to answer your questions in real-time!
Jeff : @CA, good morning. I have not questions at this time.
Kristen Malzone (CA) :@Jeff Ok - Thanks, Jeff! Happy Monday!
Kristen Malzone (CA) :
@Jim, @Josh - Any questions today!
Jim Lundell :
I understand the benefits for CA Auth ID for external clients. My question is if there is also a benefit for Internal users too. Specifically, does it offer a more secure solution than relying on device certs to restrict access. I believe Marty stated at one time that device certs are not secure. Are you able to expand upon as to why this is?
Charley Chell :
Device certs are subject to brute force attack
Josh Coffman :
@CA - I dont have any questions today. Just lurking.
Kristen Malzone (CA) :
@Josh Ok - Thanks for joining!
Jim Lundell :
Do you have a suggested link for any articles on this? This would help make a case for your offering.
Charley Chell :
Sorry but I don't have at my fingertips. If you share your email address then I'll have someone follow up. Also, a google search will give you some interesting info
Charley Chell :
Remember also that theya re exportable
Jim Lundell :
Great. I'll do that. *****@.com
Jeff :
Are there any examples of larger implementations? I'm particularly interested in seeing how capacity is best scaled. Thanks.
Josh Coffman :
@Jeff, @CA - I am also interested in this. I have heard multi-site is difficult due to the database requirements.
Charley Chell :
I wouldn't exactly say that was true, re the database requirements, but yes it is true that the system relies on the database to syncrhonize data across multiple sites. That's pretty ordinary.
Josh Coffman :
Yes, I guess it was in the context of siteminder shops that leverage the replication of LDAP instead of database.
Charley Chell :
What I advise customers to do is to point all instances of the AdvAuth system to one database instance. The needs there are not very demanding so it doesn't cause large end user latency problems. We don't do heavy DB I/O
Jim Lundell :
@Jim - The risk score computed at login time can be checked via SiteMinder policies -- correct? Can SiteMinder pass this risk score to applications?
Charley Chell :
I've asked one of the SiteMinder guys to join in. As far as I know, SiteMinder custom auth schemes are pretty flexible
Challa Ramakanth (CA) :
@Jim - The SiteMinder policies have protection levels. My understanding is that with SiteMinder integration, you can specify which risk score would be which protection level so you can determine the auth scheme that is needed. higher the protection level, you can chose to use a stronger auth. I think that's the way it works but I am double checking on that and will get back to you. As far as passing the risk score to apps, if it could be generated/captured as a header variable then yes Single Sign On (formerly SiteMinder) can pass that to apps. I will confirm in a few mins.
Charley Chell :
Yes, that I can confirm
Jim Lundell :
@Jim - Thanks
Challa Ramakanth (CA) :
@Jim - The following documentation for Single Sign On explains the integration is more detail and how you can use the risk score - https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/1703824.html
Challa Ramakanth (CA) :
@Jim - It has answers to all your questions.
Jim Lundell :
@Jim - Yes, thank you
Kristen Malzone (CA) :
15 minutes left! Get your last questions in now!
Kristen Malzone (CA) :
The CA World '15 Session Catalog is now live! Check it out: https://communities.ca.com/community/ca-world/blog/2015/06/10/ca-world-15-session-catalog-live
Kristen Malzone (CA)
@Namish @Sutha - Do you have any questions for our product experts?
Namish :
Not me as of now
Kristen Malzone (CA) :
@Namish - Ok Thanks for stopping by Office Hours today!
Kristen Malzone (CA) :
We'll post the transcript today's Office Hours here in the CA Security Community:
Kristen Malzone (CA)
Join us next month on Monday, July 20th. The event will be posted to the CA Security Community later today.