Scenario
The security auditors have been combing through your CA SSO environment. They have issued a finding that a sample of your realms have idle timeouts greater than the maximum value prescribed by corporate security guidelines. You are now required to conduct a complete audit of all realm timeouts and develop a plan to reduce any timeouts that exceed guidelines.
Restriction
The sm_idle_timeouts script was developed using the SiteMinder Perl API to address this problem for legacy domains. Application domains are out of scope because the Perl API cannot access XPS objects, but the coding logic in sm_idle_timeouts could be used as a model for developing a similar tool using the Java API or, for CA SSO 12.6 or higher, the REST API.
Solution Overview
The sm_idle_timeouts tool set consists primarily of two files:
- sm_idle_timeouts_v0.1.6_2018-09-25 – the latest version of the Perl script
- Domains.txt – an input file used by the Perl script. This input file facilitates processing a large number of domains without having to enter them manually on the command line or during script execution.
Modifying dozens or hundreds of domains, and an even greater number of realms, via the WAMUI would be time-consuming and prone to error, so this script offers a far more efficient way to update the idle timeout for a large number of realms.
Please see the attached zip file for the Perl script, additional documentation, and supporting files.
The content of the Word document should probably be migrated to a template with suitable branding, etc. Any pointers and recommendations are welcome.