Chat Transcript: Office Hours for CA Single Sign-On [Oct 15th]

Document created by Chris Stallone Employee on Oct 15, 2015Last modified by kristen.palazzolo on Dec 17, 2016
Version 2Show Document
  • View in full screen mode

Kristen Malzone (CA) :

Welcome to Office Hours! We'll get started in 2 minutes.

 

Kristen Malzone (CA) :

Let's get started! If you have a question about CA Single Sign-On, enter it here in the chat window. Our product experts are standing by to answer your questions.

 

Kristen Malzone (CA) :

Please RT to invite others to join: https://twitter.com/CA_Community/status/654689733214208001

 

Kristen Malzone (CA) :

@Srikanth - Thanks for joining!

 

Kristen Malzone (CA) :

@Srikanth - Do you have a question about CA Single Sign-On?

 

srikanth :

@Kristen...yes thank you

 

srikanth :

Can CA SSO act as an OAuth provider?

 

Aaron Berman :

@Srikanth - SSO can consume Oauth but not create it.  If we need to generate Oauth tokesn we generally do it as part of our integration with the Layer 7 gateway....   What is your use case?

 

Steven Bankowitz (CA) :

Srikanth, any other questions?

 

srikanth :

Sorry , i got disconnected...if i can still ask a question

 

Kristen Malzone (CA) :

Sure!

 

srikanth :

can we REST Authentication webservice (SPS) to recieve SMSESSION token and use it to access protected resource by a traditional web agent?

 

Shahn Soomro (CA) :

@Srikant.. the short answer is yes.

 

srikanth :

and does REST API accept users X509 digital certificate?

 

Shahn Soomro (CA) :

you can get an SMSession by authenticating via REST webserivess and reuser the SMSession for another webservivce or web application.

 

srikanth :

Thanks Shahn...session token we recieve ...can we use it to build SMSESSION token and pass it to traditional web agent?

 

srikanth :

Build SMSESSION cookie ...using session token we recieve after succeful authentication?

 

Shahn Soomro (CA) :

you get an SMSession token ..so you dont need to build one..you cannot build a SMSession token without using SSO Agent libriaries

 

Shahn Soomro (CA) :

the SMSession token you receive is SMSession cookie.. you can save it and re-use it

 

Shahn Soomro (CA) :

you get that as part of REST response on successful authentication

 

srikanth :

Thanks ...and webservice...can it accept users digital certificate as a credential

 

srikanth :

another question....any plans to support FIDO alliance  CA SSO? to offer password less authentication?

 

Shahn Soomro (CA) :

that I will have to investigate..the OOTB webservices API examples use basic  (username/password) as authentication method..technically I dont see a reason for it not be able to use a different auth mechanism as long as you can create the correctly formated request ..but I have not done it myself

 

Kristen Malzone (CA) :

Ok that's all the time we have for today!

 

srikanth :

Thanks every one...i will post my questions in next office hours.

 

Kristen Malzone (CA) :

You can also post questions to the CA Security Community! https://communities.ca.com/community/ca-security

 

Kristen Malzone (CA) :

We'll post the transcript  today's chat session to the Security Community.

 

Shahn Soomro (CA) :

Yes CA is part FIDO alliance .and yes we intend to support the FIDO authentication enabled clients in due time

 

Kristen Malzone (CA) :

Thanks for joining today, Srikanth!

Attachments

    Outcomes