Chat Transcript: Office Hours for Advanced Authentication [Jan. 5th]

Document created by Chris Stallone Employee on Jan 5, 2016Last modified by kristen.palazzolo on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

Kristen Malzone (CA) :

If you have a question about CA Advanced Authentication, enter it here in the chat window.

 

Kristen Malzone (CA) :

Product experts are standing by...

 

Kristen Malzone (CA) :

Welcome to Office Hours, Anand & Cheryl!

 

Cheryl Seago :

hi no audio?

 

Frank Morrow :

Hi

 

Kristen Malzone (CA) :

No audio - all conversation happens here in the chat window.

 

Kristen Malzone (CA) :

We'll answer your questions right here as quickly as possible.

 

Kristen Malzone (CA) :

Hi Frank! Welcome!

 

Frank Morrow :

What is the optimal version of Siteminder to get the full functionality of Adv Auth?

 

Martin Yam :

i believe that the version is 12.52

 

Namish Tiwari :

Latest version of Siteminder should work fine with Adv Auth. Best to use is 12.52 as Marty pointed

 

Frank Morrow :

Thank you

 

Kristen Malzone (CA) :

If you're also a Single Sign-On customer, please take a few minutes to provide your feeback by taking the Product Survey: https://communities.ca.com/docs/DOC-231162658

 

Kristen Malzone (CA) :

Welcome, Marie!

Kristen Malzone (CA) :

 

Do you have a question for our Advanced Authentication experts?

Latha :

Do we have any specific documentation how to integrate with siteminder and how it works

 

Martin Yam :

there is an auth scheme that currently is delivered as part of the AA product that provides credential as well as risk scoring integration,

 

Martin Yam :

this is provided as part of the AA documentation.

 

Martin Yam :

  1. wiki.ca.com is the location for documentation at this time

 

Challa Ramakanth :

https://docops.ca.com/aa/8-1/EN is the URL for the AA documentation.

 

Namish Tiwari :

Integration of SiteMinder and Adv Auth is well documented in our docs and can be leveraged  the support site. wiki.ca.com/aa is the location. You need to look for Adapter as that is one which is used for integration

 

Latha :

how to integrate our enterprise LDAP to work with  Advance Auth with siteminder

 

Rishu :

Will resetting masteradmin password have any impact on the actual functinality of the application?

 

Namish Tiwari :

Adv Auth has Organization( Groups) which we configure for external repository in your case an LDAP and we pull all the users  LDAP for enrolling or authentication. It is again documented in Admin guide how it can be done

 

Rishu :

Also, how can we unlock the masteradmin account? and how can we reset the password?

 

Namish Tiwari :

We only do read operations on LDAP and no write operations so we only read the user details

 

Latha :

is there a link page number i can look

 

Latha :

so it will be like we use user directory in our siteminder UI

 

Namish Tiwari :

Resting the masteradmin password will not have any impact on any functionality

 

Namish Tiwari :

@Latha, yes it will be user directory in SM ui

 

Rishu :

thanks

 

Namish Tiwari :

@Latha page 151 describes how you can integrate external repository with Adv Auth

 

Latha :

Can you please paste the link for Admin guide

 

Girish Kumar (CA) :

@Latha what version of AM are you at

 

Namish Tiwari :

@ Latha go to the website which is pasted above and then download the doc in PDF mode and look for section as mentioned below

 

Namish Tiwari :

Additional Configurations to Support LDAP Repository in CA

Strong Authentication

This appendix covers the following topics:

Creating Organization in LDAP Repository

Resolving Credential Types for LDAP Organization

Verifying the LDAP Configuration in CA Strong Authentication

 

Namish Tiwari :

@Rishu , in product installation location ARCOT_HOME/dbscripts we provide the arcot-masteradmin-password-reset-8.1.sql which needed to run. it is also available in 7.x version but for 6.x version support need to be contacted

 

Rishu :

ok thanks.. I wil check..

 

Girish Kumar (CA) :

@Rishu 8.1 documentation has mention of the Admin Reset script but yes for earlier version a Support ticket is needed as Namish indicated

 

Rishu :

Sure Girish, will check and raise support ticket, if needed.. Thanks

 

Rishu :

to enable VPN using Advanced authentication, do we need to make changed in AFM component also? We use Juniper pulse as our VPN solution

 

Kristen Malzone (CA) :

15 minutes left! Get your last questions in now!

 

Namish Tiwari :

@Rishu AFM OOTB provides VPN integration. There are OOTB flows defined but if you want anything other than OOTB , you may need to do some customization to achieve that. We provide SSL and Ipsec VPN integration OOTB

 

Rishu :

  • ok... will test it out

 

Girish Kumar (CA) :

@Rishu AFMWizard allows setting up the arcotafm.properties for VPN integration flow at 7.x and above

 

Rishu :

@Girish - Do you have any guide or link guiding me on the same

 

Girish Kumar (CA) :

@Rishu This would be in the Adapter Guide such Adapter 2.2.9

 

Namish Tiwari :

@Rishu go to wiki.ca.com/aa then download the doc in PDF and look for Configuring CA Adapter Juniper SSL VPN

 

Rishu :

  1. yup.. I have that document..

 

Rishu :

I will follow that and configure.. Thanks again

 

Kristen Malzone (CA) :

Alright, if there are now more questions we will wrap up Office Hours today!

 

Kristen Malzone (CA) :

Thanks for joining - we'll post the chat transcript to the CA Security Community.

Attachments

    Outcomes