Transcript CA Single Sign-On APJ Office Hours: A Live Chat (Oct 12th)

Document created by Karmeng Employee on Oct 12, 2015. Last modified by kristen.palazzolo on Dec 17, 2016.

from Kar Meng Chook to Everyone:
The chat session is starting. you can ask questions

 

from Ravi Shah to Everyone:
General question - looking at the Java releases, how CA is planning to align the support model (as Java is one of the pre-req for many products)

 

from Kar Meng (CA) to Everyone:
@Ravi, from CA perspective, we are trying our best to keep the Java release up to date to our products

 

from Sasikumar to Everyone:
Hi, I do not hear audio.

 

from Kar Meng (CA) to Everyone:
@Ravi, however, CA Single Sign On currently supports Java 1.7 and we are in the active process of certifying the latest

 

from Kar Meng Chook to Everyone:
@Sasi. there is no audio


from Ravi Shah to Everyone:
General question - how do we improve collecting data upfront, most of the times traces will be disabled and first thing asked by support is to collect traces which we may not get until the issue occurs again. Any high level guideline there? we lose a few days in course of troubleshooting just waiting for the required logs

 

from Sung Hoon Kim (CA) to Everyone:
@Ravi, this is not an issue with CA product only. It would be a generic problem for any product out there.

 

from Sung Hoon Kim (CA) to Everyone:
@Ravi. It is always good to have some templates ready for certain or generic issues. such as policy server trace template

 

from Sasikumar to Everyone:
About product feature: Does the CA Single Sign-On product support third party web service calls from the Authentication API? (Third party web services like SOAP/AXIS WS from a custom authentication module using the Java API). There were some cases I have raised but I still do not see a concrete answer to my question. Product version R12.52 SP1

 

from Kar Meng (CA) to Everyone:
@Sasi, technically, it is supported as third party web services is calling CA Single Sign on JAVA API. Normally, the integration part is customization and fall out of Support scope. We can assist in engaging CA Services which is paid service

 

from Sasikumar to Everyone:
ok, that answers to my query related to product capability.

 

from Sung Hoon Kim (CA) to Everyone:
@Ravi, regarding the logging, can you submit an enhancement in the ideation site. It would be good if the product detects an error condition(selectable), the trace log would be logged for that error. I think there could be some information even though not output to the trace file, product should have some information in the memory relating to that transaction. ==> "Trigger based logging" feature.

 

from Sasikumar to Everyone:
Does CA SPS R12.52 SP1 have major changes with respect to architecture when compared to R12 SP3 SPS? I am a bit concerned about the way the product upgrade changed our environment. Apologies if this is not in the context here.

 

from Ravi Shah to Everyone:
Thank you Sung for the response.

 

from Mark O'Donohue to Everyone:
Hi @Sasikumar, my personal recommendation for upgrade of SPS is always to do a fresh install and transfer the configuration manually

 

from Sasikumar to Everyone:
ok. thank you.

 

from Mark O'Donohue to Everyone:
an automated update has some problems since the apache config files are manually changeable, and also there are differences between different deployments of apache in SPS, and often unless upgrade over minor versions or manual changes to the config files there can be issues

 

from Mark O'Donohue to Everyone:
@Sasikumar, so for upgrade R12 SP3 to R12.52 I would recommend manual upgrade, and also to test the upgrade in a lower environment

 

from Sasikumar to Everyone:
Yes, I have tried fresh installation rather than upgrading it but I was running into some issue with dependent libraries. There is a case opened which is under progress hopefully.

 

from Mark O'Donohue to Everyone:
@Sasikumar, often I find doing a diff on the httpd/conf and proxy-engine/conf config directories is a good way to determine what changes have been made or differences

 

from Kar Meng (CA) to Everyone:
@Sasi, good to know that issue open, I believe it will have positive outcome

 

from Sasikumar to Everyone:
Thank you Mark.

 

from Sasikumar to Everyone:
Yeah I have compared and migrated those changes as mentioned in the ca community portal

 

from Kar Meng (CA) to Everyone:
@ToAll, we have just passed the half an hour mark, feel free to ask questions as we have another half an hour to go. Thanks.

 

from Kent Zhou to Everyone:
@Sasi, are you using 64bit Redhat 6? Mark and I can later work offline with you on the case in detail.

 

from Mark O'Donohue to Everyone:
@Sasikumar, I find often the new session assurance layer can cause those errors - when it is not configured correctly - they can be disabled - I will direct Kent to the doco and he can add it to the support case

 

from Sasikumar to Everyone:
Wow that will be nice. All we wanted is to retain the r12 sp3 product feature. At least for now, we are not using the SPS new features

 

from Kent Zhou to Everyone:
manage Session Assurance

 

from Kent Zhou to Everyone:
refer to https://support.ca.com/cadocs/0/CA%20SiteMinder%20Secure%20Proxy%20Server%2012%2052%20SP1-ENU/Bookshelf_Files/PDF/sps_admin_enu.pdf

from Kent Zhou to Everyone:
Page 35

 

from Kent Zhou to Everyone:
We can follow that on in the case if you still run into Java Fatal error.

 

from Sasikumar to Everyone:
@Kent, Red Hat Enterprise Linux Server release 5.9 (Tikanga).

 

from Sasikumar to Everyone:
Yes, we can take it through the case and same time, let me try the solution following up the document.

 

from Kar Meng Chook to Everyone:
@Sasikumar, let's direct the discussion to the issue that you have opened with CA

 

from Kar Meng Chook to Everyone:
@Sasikumar, this chat session is not meant to discuss Support issue

 

from Sasikumar to Everyone:
Sure. thank you all.

 

from Kar Meng Chook to Everyone:
Welcome @Haranadh

 

from Kar Meng Chook to Everyone:
@Haranadh, the chat session has started about 40 minutes ago, feel free to ask your questions

 

from Sung Hoon Kim (CA) to Everyone:
@Ravi, I created an Idea post on your behalf. https://communities.ca.com/ideas/235726357 can you go to this site and vote on it?

 

from Ravi Shah to Everyone:
Sure, thank you.

 

from Sung Hoon Kim (CA) to Everyone:
@Ravi, feel free to add your comments too

 

from Ravi Shah to Everyone:
sure, thank you

 

from Kar Meng (CA) to Everyone:
@ToAll, we have 10 minutes before our session end

 

from Kar Meng (CA) to Everyone:
@ToAll, we have different product specialists (SPS, Federation, ASA, SDK, Policy server, web agent) in the room

 

from Sasikumar to Everyone:
OK, let me raise one more question. My understanding by default R12.52 Sp1 product can support Oauth authentication scheme

 

from Sasikumar to Everyone:
but I do not see any template with respect to Oauth authentication. can someone clarify, how I can accept oauth token as authentication credentials ?

 

from Kelly (CA) to Everyone:
@Sasi, yes, it's supported and the template is installed by default

 

from Sasikumar to Everyone:
Another question, is it necessary that CA SiteMinder is always tightly coupled with the userstore? Is it really required to have a userstore connection to the policy server?

 

from Sung Hoon Kim (CA) to Everyone:
@Sasi, can you elaborate more on "tightly coupled with userstore"?

 

from Sasikumar to Everyone:
why do we have tight coupling between userstore and policy server ? Say exp, I do not have permission to read and write user store objects directly, how we can utilize siteminder product to intercept the data through some other interface (can be plain java call to the authentication api)

 

from Sasikumar to Everyone:
@Sung, then there is a question why I do not see those OAuth template. Probably I need to increase another case count here.

 

from Kelly (CA) to Everyone:
@Sasi. the OAuth template should be imported with the smpolicy.smdif

 

from Kelly (CA) to Everyone:
@Sasi, you can open a support ticket with us if OAuth template is still not visible for configuration

 

from Sung Hoon Kim (CA) to Everyone:
@ByungHyup.Kim Welcome. Come on in.

 

from Sasikumar to Everyone:
@Kelly, I have imported those objects during policy store config. yes, I will do that. Thanks

 

from Ujwol (CA) to Everyone:
@Sasi, on the external authentication API again: theoretically this is possible. Did you give it a try? Have you faced any challenges?

 

from Kar Meng (CA) to Everyone:
@ToAll, we have the session end soon, let's have one more last question

 

from Kar Meng (CA) to Everyone:
@ToAll, anyone want to raise a question?

 

from Sasikumar to Everyone:
@Ujwol, yes, I have tried for disambiguation using third party WS, which has not gone the way we wanted. Then we did a workaround to achieve the same

 

from Ujwol (CA) to Everyone:
Yeah, I am sure it will not be straightforward

 

from Ujwol (CA) to Everyone:
There will be some tweaking involved to get it working

 

from Sasikumar to Everyone:
Thank you all for your time and addressing my queries.

 

from Kar Meng (CA) to Everyone:
@ToAll, thanks for joining and we will schedule another chat session and will be announced in CA Community.

 

from Sasikumar to Everyone:
Yeah, understand, Ujwol. A workaround always gives the magic, but when it comes to maintaining the same it is a bit hectic

 

from Samuel Yii (CA) to Everyone:
thank you Kar Meng

 

from Sasikumar to Everyone:
Thank you All.

 

from Ravi Shah to Everyone:
Thank you Kar Meng

 

from Kar Meng (CA) to Everyone:
@ToAll. Thank you all

 

from Kar Meng (CA) to Everyone:
@ToAll. Do you feel this chat is beneficial and do you want to join in the future?

 

from Sung Hoon Kim (CA) to Everyone:
@ByungHyup.Kim @JungMinHo Hello. It seems there was a mix-up with the time. We plan to arrange another session like this in the future. We will contact you separately.

 

from Kar Meng (CA) to Everyone:
@ToAll, I'm closing the session

 

from Kar Meng (CA) to Everyone:
@ToAll, thanks
