Chat Transcript: Office Hours for CA Advanced Authentication [JULY 2016]

Document created by kristen.palazzolo Employee on Jul 5, 2016Last modified by kristen.palazzolo Employee on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

from Raj to Everyone:

GM/GA one and all

from Kristen Palazzolo (CA) to Everyone:

Hello Raj!

from Kristen Palazzolo (CA) to Everyone:

Please RT to invite others to join: https://twitter.com/CA_Community/status/750402675892752384

from Kristen Palazzolo (CA) to Everyone:

Welcome to Office Hours for CA Advanced Authentication!

from Kristen Palazzolo (CA) to Everyone:

My name is Kristen and I am the Community Manager for the CA Security Community: https://communities.ca.com/community/ca-security

from Kristen Palazzolo (CA) to Everyone:

Let's get started. If you have a question about CA Risk Authentication or CA Strong Authentication, you can ask it here in the chat window.

from Kristen Palazzolo (CA) to Everyone:

Product experts are standing by to answer your questions in real-time.

from Kristen Palazzolo (CA) to Everyone:

Welcome Raj & Somi!

from Kristen Palazzolo (CA) to Everyone:

Do you have any questions for us today?

from somi to Everyone:

Hi there, If we need to use any other ports than the specified ones within Strong Authentication, would there be an issue? for example, we have been using a different ports for web fort auth and WebFort issuance.

from Kristen Palazzolo (CA) to Everyone:

Hi Cheryl! Hi Shan! Thanks for joining!

from Shan to Everyone:

Hi

from Shan to Everyone:

Np

from somi to Everyone:

we are in the middle of upgrade from 6.2.5 and 2.2.6 and 2.2.1.2 to 8.1 respectively

from Girish (CA) to Everyone:

@Somi The issuance and Authentication ports are not changeable they are the one defined for the specific versions - for issuance and authentication they are defined

from somi to Everyone:

with our Prod system, we have used diffedrent ports. Could we continue to use the same and configure withing WebFort Properties.

from Namish to Everyone:

@Somi if it is older SDK then port need not be changed, 9744 for issuance and 9742 for Authentication, if you are using latest SDK (8.1 adapter) then ports needed to be 9742 only

from Girish (CA) to Everyone:

@Somi The issuance and Authentication ports will be the once that are called out when running the AFM wizard they will be defaulted to 9742

from Girish (CA) to Everyone:

@Somi 8.1 where you are upgrading to

from somi to Everyone:

So moving forward with the upgrade, we have to use the same Ports even for the Custom Flows?

from Namish to Everyone:

@Somi as mentioned before if you are using older SDK say you are not changing your application and using latest Advanced Auth servers which are 8.1 then you have to use 9744 for issuance and 9742 for authentication but if your Application is using latest SDK which is 8.1 then port has to be 9742 unless you use webservices

from Namish to Everyone:

@Somi are you developing new application using the latest adapter(AFM) or using the older application only?

from somi to Everyone:

We are running a test for the OOB Flows with LDAP + ArcotID in an upgraded version of 8.1

from somi to Everyone:

and the OOB AFM is failing for a reason even with the default ports.

from Namish to Everyone:

@Somi i will schedule a webex and go over the issue.

from somi to Everyone:

sounds good.

from Shan to Everyone:

I'm trying to see how we can integrate CA strong authentication with Siteminder

from Shan to Everyone:

would CA strong authentication provides custom auth scheme to be deployed with siteminder where in Siteminder used for first factor and strong will be used for second factor of authentication?

from Shan to Everyone:

can some one provide me the design around this?

from Namish to Everyone:

@Shan yes that is possible, There are OOTB fows which does LDAP Auth first and then the strong auth

from Bob Maiello to Everyone:

@CA   :  Does CA have any plans to simplify Advanced Authentication?   We currently have a seperate infrastructure for it...oracle database,  webfort servers, tomcats,  arcot shim/conf on PSs, VIPs in fronf   The infrastructure needed to support this single auth scheme is vast.

from Shan to Everyone:

Thanks Namish

from Namish to Everyone:

@Shan documents are available on support site, you can refer to this link -- https://docops.ca.com/ca-advanced-authentication/8-1/EN

from Namish to Everyone:

you need to refer to the Adapter piece which is the connecting part between Strong Auth and SiteMinder

from Girish (CA) to Everyone:

@Shan the Adapter Guide will be key to understand the how authscheme allows to integrate Advnanced Auth scheme.

from Martin Yam to Everyone:

@Bob - are you aware that we don't require a separate Oracle instatnce  , just need name space in an existing DB

from Shan to Everyone:

Sure. Thank you Girish and Namish

from Bob Maiello to Everyone:

??  The arcot/authminder database consists of many tables.  plus we need high availability..   The database has not been our only complexity with it..   each port requires a VIP for HA ..ie..the statemanager needs a VIP, the webforts need a VIP..   it has become a large infrastructure to support one auth scheme..

from Girish (CA) to Everyone:

@Bob you are right. HA capabilities are being considered in line of what you bring up here. But no timelines at this point.

from Bob Maiello to Everyone:

thanks..

from Kristen Palazzolo (CA) to Everyone:

15 minutes left! Get your final questions in now!

from somi to Everyone:

I think I am good. Thank you!

from Shan to Everyone:

I'm good as well. Thanks

from Kristen Palazzolo (CA) to Everyone:

Thanks for joining Office Hours! I'll post the chat transcript to the CA Security Community. See you again next month!

Attachments

    Outcomes