Chat Transcript: Office Hours CA Single Sign-On [Jan. 21st]

Document created by Chris Stallone Employee on Jan 21, 2016Last modified by kristen.palazzolo on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

Kristen Malzone (CA) :

Alright, let's get started!

 

Kristen Malzone (CA) :

Welcome to Office Hours for CA Single Sign-On!

 

Kristen Malzone (CA) :

If you have a question about SSO, enter it here in the chat window. Our product experts are standing by to answer your questions in real-time!

 

Kristen Malzone (CA) :

@Latha - Welcome!

 

Kristen Malzone (CA) :

If you haven't yet, please take a few minutes to provide your feedback via the SSO Product Survey: http://cainc.to/DwH8PH

 

Kristen Malzone (CA) :

@Ramesh - Hello! Welcome to Office Hours!

 

Ramesh :

Hi

 

Kristen Malzone (CA) :

@Ramesh - Do you have a question about SSO?

 

Ramesh :

not really.

 

Ramesh :

Do you have any free tool is available for generating the policy report? Like Safe reports.

 

Colleen Doyle (CA Edu) :

Want to learn more about Single Sign-On? Check out the newly released self-directed training for CA Single Sign-On 12.52.x: Foundations 200. Visit the LMS today to get started! http://marketplace.ca.com/education/04smr2043s.html

 

Challa Ramakanth (CA) :

@Ramesh, Can you please expand on the question? What do you mean by policy report?

 

Tony Pham (eComm SSO Services) :

Hi, this is a follow up. have CA make any decision to provide support for SM 12.51 on RedHat Linux 7.x OS yet?

 

Ramesh :

i have requirement that each application owener wants the policy/domain report that who have access to their applications.

 

Ramesh :

how i can provide such report?

 

Latha :

Hi I have a question regarding signing certificate renewal for federation apps is there a any easy process rather to do update individually

 

Rob Lindberg (CA) :

@Tony, for RH7, we have been evaluating our ability to provide support but do not yet have any timeframe. we have 3rd party components that we rely on that are not yet supported on RH7

 

Latha :

Hi I have a question regarding signing certificate renewal for federation apps is there a any easy process rather to do update individually

 

Tony Pham (eComm SSO Services) :

@Ramesh, that can be done if you setup your agent name with a naming convention that tie to teh application.   then you can build a script to grep that wa name,

 

Tony Pham (eComm SSO Services) :

@Ramesh, next step is to look at the user ID field, and sort for uniqueness.  but then the challenge is this field would not provide their full name, so you will have to use another tool for cross references

 

Challa Ramakanth (CA) :

@Ramesh, The product does not have such a report which can list all of the users that have access to the applications. But there seems to be an anlysis report which can be obtained using the reports server which can tell you what all users are affected by a policy or a domain. I am not sure they are the same but I think they might be close to what you are looking for.

 

Tony Pham (eComm SSO Services) :

@Rob, the question on SM 12.51 and RH7.x was posted in the community at least since July of last year, and was asked again in this office hour format in Oct. and Dec (i think). for the office hours, we can go back to the transcript if necessary.   what i'm trying to say is the question is posted out tehre for quite some time

 

Ramesh :

  • ok. Thanks Chella & Tony

 

Tony Pham (eComm SSO Services) :

and if CA said community is a medium to submit a request for "features", so CA can look into that, well, i haven't seen it happening

 

Challa Ramakanth (CA) :

@Latha, we do not have such an easy process right now. You have to update them individually.

 

Latha :

is anything  CA is thinking of  providing

 

Rob Lindberg (CA) :

@Tony, we have the idea in the 'wish-listed' state, which means it's something we plan to do, but we don't yet have a date that we can communicate. There are some dependencies as well on a 64-bit application which is being worked on now.

 

Tony Pham (eComm SSO Services) :

@Rob, i'll keep on checking

 

Rob Lindberg (CA) :

@Latha, as far as improved certificate management, it has been discussed earlier and I would suggest adding your vote to this idea: https://communities.ca.com/ideas/109952650

 

Rob Lindberg (CA) :

@Latha, to continue, we have 'wish-listed' this but have not made any committment yet as to when we might deliver the capability. If you add your vote, PM will know that you have an interest in this topic

 

Tony Pham (eComm SSO Services) :

on CA world last year agenda, i note that there were several roadmaps.  are those posted anywhere on CA site (included support site), or i have to check in with my account manager to get those info ?

 

Rajkiran :

Hello Everyone,

 

Sid Mautte (CA) :

@Rajkiran - welcome

 

Rajkiran :

I work on SSO and Authminder

 

Rob Lindberg (CA) :

@Tony, we don't publish the roadmap information, so do check with your account manager on what he can share.

 

Rajkiran :

we use siteminder 12.52,sp1 cr1, we trying to migrate SSL to TLS on our windows machine

 

Rajkiran :

we need some suggestions

 

Tony Pham (eComm SSO Services) :

are there any "how-to" documents that discuss migration  12.51 to 12.52 ?

 

Sid Mautte (CA) :

@Tony - While the overall product roadmap is not published there is a published 'SiteMinder Platform Roadmap' which can be viewed at http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/technical-document-index/ca-siteminder-informational-documentation-index.aspx?intcmp=searchresultclick&resultnum=2.

 

Tony Pham (eComm SSO Services) :

@Sid, thx

 

Tim Rapley (CA) :

@Tony - there are migration docs. I can send you a link to the process, but would like to know whether you'd be migrating to 12.52, 12.52 SP1, or 12.52 SP2.

 

Tim Rapley (CA) :

@Tony - Migrate to 12.52: https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?sm-upgrade.html

 

Tim Rapley (CA) :

@Tony - Migrate to 12.52 SP1: https://docops.ca.com/display/sm1252sp1/How+to+Migrate++r12.x

 

Tim Rapley (CA) :

@Tony - Migrate to 12.52 SP2: https://docops.ca.com/display/casso10/Upgrading++r12.x

 

Tony Pham (eComm SSO Services) :

@Tim, i have to read the release note first, before i can make the decision, and certainly would want to stay away  version(s) that would be soon obsolete/EoL, so certainly not 12.52 (listed above).  My SM setup is quite simple, only for session management. 

 

Tony Pham (eComm SSO Services) :

@Tim, thx

 

Tony Pham (eComm SSO Services) :

@Sid, the link you provided is quite good.  one stop shop.

 

Sid Mautte (CA) :

@Tony - you are welcome.

 

Rob Lindberg (CA) :

@Tony, for a windows 2012R2 server requirement, you would want to upgrade to 12.52 SP2, any unix platform, it would be SP1.

 

Kristen Malzone (CA) :

15 minutes left! Get your final questions in now!

 

Tim Rapley (CA) :

@Tony - you're very welcome.

 

Tony Pham (eComm SSO Services) :

@Rob, got it.  my is Linux

 

Tony Pham (eComm SSO Services) :

for those that run SM on Linux, you probably ran into the /dev/urandom item.   there is a techdoc that give you another option by installing the random number generator tool - http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec541176.aspx

 

Rob Lindberg (CA) :

@Tony, so r12.52 SP1 is your upgrade path.

 

Tony Pham (eComm SSO Services) :

@Rob, ack

 

Rajkiran :

I am looking for documents for SSL to TLS migration on siteminder servers ?

 

Kristen Malzone (CA) :

Meet the latest community member featured in the CA Security Community: https://communities.ca.com/community/ca-security/blog/2016/01/12/community-member-spotlight-justin-mcdonald-january-2016

 

Tony Pham (eComm SSO Services) :

Tim, Rob, Sid, appreciated all the pointers/tips.  will check in next month for anything interesting!!,

 

Tony Pham (eComm SSO Services) :

and Happy NY .   Live well and prosper  

 

Tim Rapley (CA) :

@Tony - there is also more information about Linux entropy here: https://docops.ca.com/display/casso10/Prepare+for+the+Policy+Server+Installation#PrepareforthePolicyServerInstallation-IncreaseEntropyforRedHatLinux

 

Kristen Malzone (CA) :

@Tony Thanks! You too!

 

Rob Lindberg (CA) :

@Rajkiran, we don't have anything specifically to help with the SSL to TLS migration. we'd probably need a bit more detail on what exactly you are looking to do so I would suggest opening a RFI with support

 

Kristen Malzone (CA) :

Alright - that's all the time we have for today

 

Kristen Malzone (CA) :

Please join us next month for another session of Office Hours for CA Single Sign-On.

 

Jeff :

Than you

Attachments

    Outcomes