Chat Transcript: Office Hours for CA Advanced Authentication [OCTOBER 2016]

Document created by kristen.palazzolo Employee on Oct 4, 2016
Version 1Show Document
  • View in full screen mode

from Jeff Limpert to Everyone:
Good morning.
from Kristen Palazzolo (CA) to Everyone:
Morning!
from Kristen Palazzolo (CA) to Everyone:
We'll get started in 2 minutes.
from Renjen to Everyone:
Hi, Is there a conf call ?
from Kristen Palazzolo (CA) to Everyone:
@Renjen No audio - all conversation happens right here in the chat window. It's like a chat room.
from Renjen to Everyone:
ok, Thx
from Kristen Palazzolo (CA) to Everyone:
RT: https://twitter.com/CA_Community/status/783304526786854912
from Kristen Palazzolo (CA) to Everyone:
Alright - let's get started!
from Kristen Palazzolo (CA) to Everyone:
If you have a question for our product team, enter it here in the chat window. Product experts are standing by to answer your questions in real-time!
from Renjen to Everyone:
-By default when an ArcotID is created what all details stored in the AuthMinder Oracle DB, is it ID, e-mail, cell phone and image ?
from Kristen Palazzolo (CA) to Everyone:
So, who's got the first question??
from Renjen to Everyone:
By default when an ArcotID is created what all details stored in the AuthMinder Oracle DB, is it ID, e-mail, cell phone and image ?
from Renjen to Everyone:
also if we configure to use LDAP with AuthMinder, what is the flow of user check works, is it going to check AuthMinder oracle DB first then ldap or it will check the ldap first then AuthMinder DB ?
from Joe Lutz (CA) to Everyone:
@Renjen The ArcotID is only one separate credendial ..the users mail, id, cell phones are separate attributes that are stored in a user table or held inside an LDAP depending on your configuration.. Do you have a use case behind this question?
from Renjen to Everyone:
yes, I do see email , id, cell and image of the enrolled users are stored in the Oracle DB so what to confirm what is the default ?
from Renjen to Everyone:
also if we configure to use LDAP with AuthMinder, what is the flow of user check works, is it going to check AuthMinder oracle DB first then ldap or it will check the ldap first then AuthMinder DB ?
from Renjen to Everyone:
????
from Joe Lutz (CA) to Everyone:
@Renjen The order of the check should be our DB first and LDAP second... but please dont confuse the 2 as both are necessary for authentication. The Arcot DB will store the USER name only after enrollment .. the User name and other attributes are read from the LDAP
from Renjen to Everyone:
Arcot DB referring to the DB that is configured for Authminder, right? In my case orcale DB, right ?
from Joe Lutz (CA) to Everyone:
@Renjen Why are you looking into this flow? your purpose may help me get the info you need
from Joe Lutz (CA) to Everyone:
@Renjen Yes
from Renjen to Everyone:
because if we change user details in Ldap for example e-mail ID updated etc... is that going to check the ldap first or DB first?
from Renjen to Everyone:
anyway when we tested it works fine so just want to confirm what is the correct flow when a user tries to enroll/login. Thx
from Joe Lutz (CA) to Everyone:
@Renjen ..if you update the email in LDAP then any new requests for email should be read from LDAP unless you are using an older model to populate the Arcot DB .. The program is hihgly customizable so we would need to review your configuration to determine how this is setup
from Renjen to Everyone:
ok, Thx
from Renjen to Everyone:
REST API – what format we should use for this (the same format that is working with webservice calls are not working), is there a specific format we need to enter for RST API ? Thx
from Kristen Palazzolo (CA) to Everyone:
Now Available - CA Advanced Authentication 8.1.3: New Features 200 https://communities.ca.com/thread/241761410
from Joe Lutz (CA) to Everyone:
@Renjen .. Are you refering to an open issue?
from Joe Lutz (CA) to Everyone:
@Renjen http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1635435.html
from Renjen to Everyone:
yes, I know this chat is not for an open issue but want to see if we have to use a different format than webservice for REST API . Thx
from Eduard Palomeras to Everyone:
Where can I find samples built with the plug-in SDK?
from Joe Lutz (CA) to Everyone:
@Renjen Have you read this tech doc .. We can review your specific error within the confines of your support issue
from Joe Lutz (CA) to Everyone:
http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1635435.html
from Renjen to Everyone:
wiill check, Thx
from Renjen to Everyone:
Joe, Thx
from Joe Lutz (CA) to Everyone:
@Eduard I believe the only samples we include are packaged with SDK downloads... have you reviewed the downloads already?
from Renjen to Everyone:
Is there a default expiry days for Global Admin and MasterAdmin accounts ? Thx
from Eduard Palomeras to Everyone:
where can I find the SDK download?
from Vikram Mullachery to Everyone:
How deeply integrated is the Advanced Auth with CA SSO? For instance for features like Session Assurance
from Joe Lutz (CA) to Everyone:
@Renjen The default is 180 days .. this is configured by the organization that you create .. please see the "Basic Authentication Policy" in the Admin screens
from sankha(CA) to Everyone:
@Edward can you please provide mode details of which plugin you are looking for? which component?
from Eduard Palomeras to Everyone:
SDK c++ plug-in sample
from Eduard Palomeras to Everyone:
thanks!
from Renjen to Everyone:
@Joe, Thx
from Joe Lutz (CA) to Everyone:
@Vikram Them integration does not effect most features of CA SSO so we do not need to integrate with these. If you enable session Assurance it will work with the AdvAuth integration the same way Session Assurance works with other authentication modules
from sankha(CA) to Everyone:
@Edward , for Stromg Auth SDK c plugins we dont have sample as such, but after installation you can get the webfort-plugin-cpp-interface.html at $ARCOT_HOME/sdk/server/plugin folder
from Kristen Palazzolo (CA) to Everyone:
13 minutes left! Get your final questions in now!
from Jim Lundell to Everyone:
Is CA's Adv. Auth (Arcot ID) still applicable in the scenario where CA SSO is used as a SAML SP to generate credentials?
from Joe Lutz (CA) to Everyone:
@ Jim .. I dont see why not. ADV Auth acts like any other SSO auth Scheme .
from Joe Lutz (CA) to Everyone:
@ Jim You may want to discuss how to do this with CA SSO
from Jim Lundell to Everyone:
Thanks for your reply!
from Kristen Palazzolo (CA) to Everyone:
That's all the time we have for today!
from Kristen Palazzolo (CA) to Everyone:
Join us again next time!
from Kristen Palazzolo (CA) to Everyone:
I'll post the chat transcript from today's session later today in the CA Security Community.
from Renjen to Everyone:
Thanks!
from Jeff Limpert to Everyone:
Thank you

Attachments

    Outcomes