from Kar Meng Chook to Everyone:
The chat session is starting. you can ask questions
from Ravi Shah to Everyone:
General question - looking at the Java releases, how CA is planning to align the support model (as Java is one of the pre-req for many products)
from Kar Meng (CA) to Everyone:
@Ravi, from CA perspective, we are trying our best to keep the Java release up to date to our products
from Sasikumar to Everyone:
Hi, I do not hear audio.
from Kar Meng (CA) to Everyone:
@Ravi, however, CA Single Sign On is currently supported the Java 1.7 and we are in active process to certify the latest
from Kar Meng Chook to Everyone:
@Sasi. there is no audio
from Ravi Shah to Everyone:
General question - how do we improve collecting data upfront, most of the times traces will be disabled and first thing asked by support is to collect traces which we may not get until the issue occurs again. Any high level guideline there? we lose a few days in course of troubleshooting just waiting for the required logs
from Sung Hoon Kim (CA) to Everyone:
@Ravi, this is not an issue with CA product only. It would be a generic problem for any product out there.
from Sung Hoon Kim (CA) to Everyone:
@Ravi. It is always good to have some templates ready for certain or generic issues. such as policy server trace template
from Sasikumar to Everyone:
About product feature: Does CA Single Sign-On Product supports Third party web service calls from Authentication API ? (Third party web services like SOAP/AXIS WS from Custom authentication module using java API). There were some cases I have raised but still I do not see concrete answer towards my question. Prouct version R12.52 Sp1
from Kar Meng (CA) to Everyone:
@Sasi, technically, it is supported as third party web services is calling CA Single Sign on JAVA API. Normally, the integration part is customization and fall out of Support scope. We can assist in engaging CA Services which is paid service
from Sasikumar to Everyone:
ok, that answers to my query related to product capability.
from Sung Hoon Kim (CA) to Everyone:
@Ravi, regarding the logging, can you submit an enhancement in the ideation site. It would be good if the product detects an error condition(selectable), the trace log would be logged for that error. I think there could be some information even though not output to the trace file, product should have some information in the memory relating to that transaction. ==> "Trigger based logging" feature.
from Sasikumar to Everyone:
Does CA SPS R12.52 SP1 has major changes with respect to architecture when compared to R12 SP3 SPS ? Since bit concerned the way prodct upgrade changed our environment. Apologize if this is not in the context here.
from Ravi Shah to Everyone:
Thank you Sung for the response.
from Mark O'Donohue to Everyone:
Hi @Saasikumar, My personal recomendation for upgrade of SPS, is always to do fresh install and transfer the configration manually
from Sasikumar to Everyone:
ok. thank you.
from Mark O'Donohue to Everyone:
an automated update has some problems since the apache config files are manually changeable, and also there are differences between different deployments of apache in SPS, and often unless upgrade over minor versions or manual changes to the config files there can be issues
from Mark O'Donohue to Everyone:
@Saarikumar, so for upgrade R12 Sp3 to R12.52 I would recomend manual upgrade, and also to test the upgrade in lower environment
from Sasikumar to Everyone:
Yes, I have tried fresh installation rather than upgrading it but I was running into some issue with dependent libraries. There is a case opened which is under progress hopefully.
from Mark O'Donohue to Everyone:
@Saarikumar, often I find doing diff on httpd/conf and proxy-engine/conf config directories is a good way to determine what changes have been made or differences
from Kar Meng (CA) to Everyone:
@Sasi, good to know that issue open, I believe it will have positive outcome
from Sasikumar to Everyone:
Thank you Mark.
from Sasikumar to Everyone:
Yeah I have compared and migrated those changes as mentioned in the ca community portal
from Kar Meng (CA) to Everyone:
@ToAll, we have just past half an hour mark, feel free to ask questions as we have another half an hour to go. Thanks.
from Kent Zhou to Everyone:
@Sasi, are you using 64bit Redhat 6? Mark and I later can later work offline with you on the case to the detail.
from Mark O'Donohue to Everyone:
@Saarikumar, I find often the new session assurance layer can cause those errors - when it is not configured correctly - they can be disabled - I will direct Kent to the doco and he can add it to the support case
from Sasikumar to Everyone:
Wow that will be nice. All we wanted is to retain the r12 sp3 product feature. At least for now, we are not using the SPS new features
from Kent Zhou to Everyone:
manage Session Assurance
from Kent Zhou to Everyone:
refer to https://support.ca.com/cadocs/0/CA%20SiteMinder%20Secure%20Proxy%20Server%2012%2052%20SP1-ENU/Bookshelf_Files/PDF/sps_admin_enu.pdf
from Kent Zhou to Everyone:
Page 35
from Kent Zhou to Everyone:
We can follow that on in the case if you still run into Java Fatal error.
from Sasikumar to Everyone:
@Kent, Red Hat Enterprise Linux Server release 5.9 (Tikanga).
from Sasikumar to Everyone:
Yes, we can take it through the case and same time, let me try the solution following up the document.
from Kar Meng Chook to Everyone:
@Sasikumar, let's direct the discussion to the issue that you have opened with CA
from Kar Meng Chook to Everyone:
@Sasikumar, this chat session is not meant to discuss Support issue
from Sasikumar to Everyone:
Sure. thank you all.
from Kar Meng Chook to Everyone:
Welcome @Haranadh
from Kar Meng Chook to Everyone:
@Haranadh, the chat session has started about 40 minutes ago, feel free to ask your questions
from Sung Hoon Kim (CA) to Everyone:
@Ravi, I created an Idea post on your behalf. https://communities.ca.com/ideas/235726357 can you go to this site and vote on it?
from Ravi Shah to Everyone:
Sure, thank you.
from Sung Hoon Kim (CA) to Everyone:
@Ravi, feel free to add your comments too
from Ravi Shah to Everyone:
sure, thank you
from Kar Meng (CA) to Everyone:
@ToAll, we have 10 minutes before our session end
from Kar Meng (CA) to Everyone:
@ToAll, we have different product specialists (SPS, Federation, ASA, SDK, Policy server, web agent) in the room
from Sasikumar to Everyone:
OK, let me raise one more question. My understanding by default R12.52 Sp1 product can support Oauth authentication scheme
from Sasikumar to Everyone:
but I do not see any template with respect to Oauth authentication. can someone clarify, how I can accept oauth token as authentication credentials ?
from Kelly (CA) to Everyone:
@Sasi, yes, it's supported and the template is installed by default
from Sasikumar to Everyone:
Aonther question, does it neccessary CA siteminder always tightly coupled with userstore ? Does it really required to have userstore connection to the policy server ?
from Sung Hoon Kim (CA) to Everyone:
@Sasi, can you elaborate more on "tightly coupled with userstore"?
from Sasikumar to Everyone:
why do we have tight coupling between userstore and policy server ? Say exp, I do not have permission to read and write user store objects directly, how we can utilize siteminder product to intercept the data through some other interface (can be plain java call to the authentication api)
from Sasikumar to Everyone:
@Sung, then there is a question why I do not see those OAuth template. Probably I need to increase another case count here.
from Kelly (CA) to Everyone:
@Sasi. the OAuth template should be imported with the smpolicy.smdif
from Kelly (CA) to Everyone:
@Sasi, you can open a support ticket with us if OAuth template is still not visible for configuration
from Sung Hoon Kim (CA) to Everyone:
@ByungHyup.Kim Welcome. 어서오세요
from Sasikumar to Everyone:
@Kelly, I have imported those objects during policy store config. yes, I will do that. Thanks
from Ujwol (CA) to Everyone:
@Sasi ..On the external authentication API ..again ..theoritically this is possible..Did you give it a try ? Have you faced any challenges ?
from Kar Meng (CA) to Everyone:
@ToAll, we have the session end soon, let's have one more last question
from Kar Meng (CA) to Everyone:
@ToAll, anyone want to raise a question?
from Sasikumar to Everyone:
@Ujwol, Yes, I have tried for disambiguation using third party WS which not gone through the way we wanted. then we have done work around to acheive the same
from Ujwol (CA) to Everyone:
Yeah , I am sure it will not be starightforward
from Ujwol (CA) to Everyone:
There will be some tweaking involve to get it working
from Sasikumar to Everyone:
Thank you all for your time and addressing my quries.
from Kar Meng (CA) to Everyone:
@ToAll, thanks for joining and we will schedule another chat session and will be announced in CA Community.
from Sasikumar to Everyone:
Yeah understand Ujwol. Always work around gives the majic but when comes to maintain the same bit hectic
from Samuel Yii (CA) to Everyone:
thank you Kar Meng
from Sasikumar to Everyone:
Thank you All.
from Ravi Shah to Everyone:
Thank you Kar Meng
from Kar Meng (CA) to Everyone:
@ToAll. Thank you all
from Kar Meng (CA) to Everyone:
@ToAll. Do you feel this chat is benefit and do you want to join in the future?
from Sung Hoon Kim (CA) to Everyone:
@ByungHyup.Kim @JungMinHo 안녕하세요. 시간착오가 있었나 보네요. 다음에 이런 자리를 또 마련하려고 합니다. 별도로 연락드리겠습니다
from Kar Meng (CA) to Everyone:
@ToAll, I'm closing the session
from Kar Meng (CA) to Everyone:
@ToAll, thanks