Chat Transcript: Office Hours for CA Single Sign-On [JULY 2016]

Document created by kristen.palazzolo Employee on Jul 29, 2016Last modified by kristen.palazzolo Employee on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

from Jeff Limpert to Everyone:

I have not questions at this time.

from Steven Bankowitz to Everyone:

Hi Everyone, we will be starting in 5 minutes.

from Steven Bankowitz to Everyone:

If you have a question about CA Single Sign-On, please enter it here in the chat window.

from Aaron Berman (CA) to Everyone:

Hello Christian, do you have any questions?

from Steven Bankowitz to Everyone:

@Christian, any questions for us?  Any comments?

from Steven Bankowitz to Everyone:

Anything that you would like us to explain in more details?

from Christian Demuth to Everyone:

hi all

from Christian Demuth to Everyone:

sorry had some issues with my setup here

from Steven Bankowitz to Everyone:

Do you have any questions for us Christian?

from Steven Bankowitz to Everyone:

Any experiences that you would like to share?

from Christian Demuth to Everyone:

we have a request from a customer for FIDO support in CA SSO

from Christian Demuth to Everyone:

any news about that?

from Christian Demuth to Everyone:

then we have several "ideas" open regarding the WAMUI that we see as severe deficits

from Christian Demuth to Everyone:

not to say defects and we want to know whats happening with them and when

from Aaron Berman (CA) to Everyone:

@christain in 12.6 we will be having multiple enhancements in the WAMUI for performance, and new agent configuration object screens

from Rob Lindberg (CA) to Everyone:

@Christian, we haven't received a lot of interest in FIDO recently. Do you have use cases that you'd like share?

from Aaron Berman (CA) to Everyone:

@christain, what are the problmes you are experiencing?

from Christian Demuth to Everyone:

ok but what about basic things like displaying more than 10 (sometimes even only 5) lines per screen`?

from Christian Demuth to Everyone:

we have >300 realms by now and severl hundred agents

from Christian Demuth to Everyone:

the UI is only displaying 10, so you need to always use searches

from Christian Demuth to Everyone:

usability is poor if you have more than a "lab environment"

from Rob Lindberg (CA) to Everyone:

@Christian, we have had this request from others in the community and I recommend that you vote for it to help raise the priority. It is something we hear from customers. https://communities.ca.com/ideas/235730823

from Christian Demuth to Everyone:

done

from Christian Demuth to Everyone:

but honestly there is no democratic voting needed to fix tis deficit, it is obvious

from Aaron Berman (CA) to Everyone:

christian, I have also spoken about that challenge you identified to our PM as well.

from Christian Demuth to Everyone:

good to know

from Christian Demuth to Everyone:

as already discussed where you were onsite at *** the UI needs a big overhaul

from Christian Demuth to Everyone:

or better a quick replacement with something more usable

to Christian Demuth (privately):

Hi Christian, this is a private message.  When we post this transcript, we will pull out your company name.

from Rob Lindberg (CA) to Everyone:

@Christian, I'm on the PM team, as Aaron said, he and I discussed this and we are reviewing all the usability feedback that we have received recently.

from Christian Demuth to Everyone:

OK, when will we get feedback here and how?

from Rob Lindberg (CA) to Everyone:

@Christian, we have a customer validation portal (validate.ca.com) with a project for CA SSO and we have been reviewing items like this there. I suggest registering and we can see about adding you. You can also post your comment on the community idea as well.

from KC to Everyone:

Hey everyone..

from Steven Bankowitz to Everyone:

Hi KC.  Any questions for the CA Team?

from Christian Demuth to Everyone:

what is the validateion site about?

from Christian Demuth to Everyone:

is this a kind of beta program? I just registered but didnt understand what it is for

from Rob Lindberg (CA) to Everyone:

@Christian, the validate site is where CA manages all of it's beta programs exactly.

from KC to Everyone:

I am trying to keep myself updated with siteminder learn more about its features.can you suggest any resources..where i can learn more about siteminder features..

from Christian Demuth to Everyone:

unfortunately we dont have the resources for betas unless funded

from Colleen Doyle (CA Edu) to Everyone:

@KC - yes, let me get you the link to our SSO Learning Path

from KC to Everyone:

that would be great

from Aaron Berman (CA) to Everyone:

@KC also we have a fair amount of information on our community site.  For example we just did a webinar about the new features in 12.52 SP1 CR5

from Rob Lindberg (CA) to Everyone:

@Christian, I understand resource constraints. It's also where we have discussons about upcoming features, which is done using a forum.

from Colleen Doyle (CA Edu) to Everyone:

@KC - here's the link to our Learning Path http://www.ca.com/content/dam/ca/us/files/learning-path/ca-single-sign-on.PDF

from Timothy Rapley (CA) to Everyone:

@KC - the documentation for all current SSO releases is available here: https://docops.ca.com

from Christian Demuth to Everyone:

any infor about the FIDO integration?

from KC to Everyone:

are there any videos for these updates...

from Steven Bankowitz to Everyone:

Security Based Authorization: https://communities.ca.com/videos/4393

Federation: WAOP or SPS: https://communities.ca.com/videos/4363

Enablement of Office 365: https://communities.ca.com/videos/4336

from Steven Bankowitz to Everyone:

REPLAY: Understanding new session store & metric features in 12 52 sp1 cr5: https://communities.ca.com/videos/4200

from Steven Bankowitz to Everyone:

I also have to plug my boss, he just did a video the other day (non-SiteMinder specific) 

from Steven Bankowitz to Everyone:

Check out this replay of Dipto’s webcast from yesterday on Big Data in Cybersecurity: https://communities.ca.com/videos/4550

from Rob Lindberg (CA) to Everyone:

@Christian, as I commented early regarding FIDO, we haven't gotten a lot of interset recently, so there is no additional integration in the immediate future. Do you have use cases that you can share?

from Aaron Berman (CA) to Everyone:

@christina, also

from Aaron Berman (CA) to Everyone:

12.52 SP1 CR5 recording:

https://communities.ca.com/videos/4200

CA SSO and CA Support Remote engineer

https://communities.ca.com/videos/3742

Monitoring CA SSO

https://communities.ca.com/videos/2494

from Christian Demuth to Everyone:

FIDO: just a request from a customer,

from Christian Demuth to Everyone:

they have MS Hello and this seems to interface to FIDO somehow

from Steven Bankowitz to Everyone:

@Sam: Welcome Sam.

from Aaron Berman (CA) to Everyone:

MS hello is more of a way to sign into a local device.. from there i would think about doing a windows auth.

from KC to Everyone:

thanks..everyone

from Sam Dikeman to Everyone:

Good morning Steve.  Of course, only if it is morning wherever you are...

from Aaron Berman (CA) to Everyone:

@sam - i know we spoke about thislast time.. but 12.6 is still running on track.   have you had a chance to download it from the validation site?

from Steven Bankowitz to Everyone:

@Sam: Do you know if you looked at the isAuthorized() turning off capability that was recently added?  I know Jeff was really interested in this a couple years ago.

from Sam Dikeman to Everyone:

@Aaron - no.  got a definite not interested from management.

from Aaron Berman (CA) to Everyone:

@sam dissapointing, continuing to work to build a better solution

from Steven Bankowitz to Everyone:

--[12 Minutes left.  Get your final questions in!!]--

from Steven Bankowitz to Everyone:

News You Can Use: https://communities.ca.com/docs/DOC-231168775

from Sam Dikeman to Everyone:

@Aaron.  You never know what the future may hold so things may change.  RIght now I'm starting some preliminary work on determining if we have a memory leak.  Some of our production policy servers are approaching and hitting the 4GB virtual mark.  Of course being prod, logging is limited for triage.  I'm not saying it is the policy server proper.  We have lots of things hanging off of it that could be a culprit as well.  Or maybe its nothing.

from Christian Demuth to Everyone:

maybe for next time: we'd like to know how to monitor session store in CA Dir

from Christian Demuth to Everyone:

currently there are lots of logs produced from CA DIR, but how to tell if things are OK or not?

from Aaron Berman (CA) to Everyone:

@sam, probably will take it offline, but anything is possible.  i know in the version you are running there are several known issues that have been fixed in newer releases.  but please keep me informed

from Aaron Berman (CA) to Everyone:

@christian, I will talk with the account team to setup a discussion.  The directroy has the ability to send a JSON formatted message to a remote server that containes monitor info

from Sam Dikeman to Everyone:

@Aaron.  thanks.  oh yeah, when I have more info, if I need to open a case, you know I will

from Aaron Berman (CA) to Everyone:

@sam i know you are not shy.  please involve us sooner rather than later.  would rather have early notice then a big escalation

from Christian Demuth to Everyone:

@Aaron: would be great

from Steven Bankowitz to Everyone:

--[5 Minutes left.]--

from Sam Dikeman to Everyone:

Seeing the JSON note triggered something...   I'm still fuzzy about the "Idea" section of the communities site.  We've been told to put enhancement requests out there.  How do we tell when they will be looked at?  From the emails I get from the communitites site, it almost looks like every once in a while, someone from CA has 10 minutes to plow through there and comment on as many as they can.

from KC to Everyone:

if all the configuration is correct on policy server..bt still web agent is not taking to policy server..

from KC to Everyone:

any idea what could be d issue

from KC to Everyone:

*the

from Steven Bankowitz to Everyone:

@KC: Two things to double check.  HCO, and the smhost.conf.  Keep it simple for troubleshooting.  Use only one IP address.  No DNS, no cluster, etc.

from Sam Dikeman to Everyone:

I opened one back in October.  Nothing really seems to happen.  The creator never really knows when it might be looked at.

from Christian Demuth to Everyone:

ideas: that is what I also asked before

from Christian Demuth to Everyone:

how do we know that they get accepted?

from Christian Demuth to Everyone:

or why not?

from KC to Everyone:

We checked HCO and smconf..any other suggestions

from KC to Everyone:

*smhost.conf

from Sam Dikeman to Everyone:

And when I had a case opened for the issue, the tech tells me that lots of customers are asking for this enhancement.

from Sam Dikeman to Everyone:

So appears to be disconnect from our side.

from Rob Lindberg (CA) to Everyone:

@Sam, with regards to the community idea section. the PM team reviews new ideas weekly, which is why you see updates in batches. We then use a voting period, which we just closed, to collect the summary of counts so we can make further decisions about advancing requests into our backlog. We mark an idea as 'planned' when we've committed it to a release.

from Steven Bankowitz to Everyone:

@KC: So assuming you have IP routing, and no firewall, then i would open a ticket with support.

from Steven Bankowitz to Everyone:

Sorry KC that we do not have any more hints for you.

from Steven Bankowitz to Everyone:

thanks everyone, we are out of time.  We will post this transcript soon.

from Sam Dikeman to Everyone:

@Rob.  ok.  But form a customer fristration viewpoint, I have a tech telling me lots of customers are asking, I open an idea, it only has my 1 vote, so I'm figuring this thing is dead.

from Christian Demuth to Everyone:

ok thanks everyone, too

from Christian Demuth to Everyone:

have a good day!

from Rob Lindberg (CA) to Everyone:

@Sam, understood. we are encouraging customers to vote and I'll mention that as well to our support team. gotta run, but thanks for all the feedback!

from Steven Bankowitz to Everyone:

Bye everyone.

Attachments

    Outcomes