Symantec SiteMinder Community Blog

Digital transformation is the oft-used phrase to describe the most recent evolution of connecting an organization and its constituents, such as customers, partners, citizens, employees, and even regulators, via software. This current wave of evolution is driven by a number of technical advancements that give organizations an even greater ability to design and deliver software as a modern application, unlocking more business value while improving the user's interactive experience. For most organizations, embracing digital transformation is not a process stovepiped within a single narrow time frame. It is built on top of multiple historic digital transformation ...
0 comments
Recon is almost always the first step hackers resort to in order to understand the various ways they can hack their target organization. LDAP reconnaissance is a type of internal recon technique used to discover users, groups and other critical information. Adversaries can use LDAP queries, mostly through modern tools or directly, to increase their knowledge of the environment, which can help them find targets and plan the next stages of their attack. It is important that we mitigate these attacks by providing the maximum security possible, in order to make it harder for a hacker's recon techniques to uncover more about the target's environment. In the latest 14.1 SP2 release ...
0 comments
Hi All! Read this article by Uzi Cohen to learn how to handle the collection and aggregation of logs from applications running in containers on Kubernetes into centralized log storage. https://bit.ly/2FNzup2 Also, stay tuned for more in this blog series, focused on Kubernetes and Symantec SiteMinder!
0 comments
As more and more digital business initiatives emerge that require applications and data to be accessed by those outside the corporate perimeter, the adoption of federation technologies has risen dramatically. Among these technologies, OpenID Connect is gaining more relevance as a modern framework of flows, which enables clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. If you are not familiar with OpenID Connect, it is an identity standard built on top of the OAuth 2.0 protocol. It allows applications to verify the identity of the end-user based ...
0 comments
As businesses move toward engaging their customers and employees through more digital experiences, there is an increasing risk to security due to the widening of the attack surface. This is driven by the adoption of emerging technologies across distributed architectures and the proliferation of devices and other digital interfaces. With the anywhere, anytime access expected by consumers, identity becomes the new enterprise perimeter, maintaining data security and privacy while granting appropriate access based on the user, device, and application. But security concerns don’t end when a user successfully authenticates. Session hijacking is a growing and dangerous ...
0 comments
Hi Access Management community members! We have a new 20-minute webinar, Facilitating Secure DevOps, by @Herbert Mehlhorn, Product Management leader for Access Management at Broadcom. Check it out here and let us know what you think! Webinar description: The unyielding demand facing all IT professionals today is to accelerate the ability to meet the needs of the business. Achieving that goal requires deploying applications for your internal and external constituents at a faster rate while meeting stricter and stricter compliance and security requirements. This webinar provides insight into how Layer7 SiteMinder can support that goal today and how it will ...
0 comments
Sascha Preibisch's Blog: HowTo – Integrating OTK with external Login-Server Posted by Sascha Preibisch Oct 4, 2016 Many of our customers have asked us to support easy integration of OTK with an external, existing Login-Server. Until now it was easy to connect to an external IDP, but that is not always sufficient. Well, we have listened and have updated OTK-3.5.00 to support this scenario. This blog post describes how it works. Starting point: fresh install of OTK-3.5.00 With this version, OTK introduces new APIs. In addition to /auth/oauth/v2/authorize, the APIs /auth/oauth/v2/authorize/login and /auth/oauth/v2/authorize/consent ...
1 comment
Layer7 Technologies, a Broadcom Company, is continually working to improve our software and services to best meet the needs of our customers. Broadcom/CA software products will be adding support for open-source implementations of Java. Specifically, we are incorporating support for an open source Java SDK, AdoptOpenJDK, in Layer7 Directory. This notice is to inform you that Layer7 Directory versions 12.x and 14.x are now certified with AdoptOpenJDK 8. Customers now have an alternate option to use AdoptOpenJDK 8 instead of the Oracle Java SDK. AdoptOpenJDK is a free and open-source implementation of the Java Platform. What is AdoptOpenJDK? "AdoptOpenJDK ...
0 comments
CA Technologies, a Broadcom Company, is continually working to improve our software and services to best meet the needs of our customers. Broadcom/CA software products will be adding support for open-source implementations of Java. Specifically, we are incorporating support for an open source Java SDK, AdoptOpenJDK, in Layer7 Advanced Authentication. This notice is to inform you that Layer7 Advanced Authentication versions 8.2 (any SP), 9.0 (any SP) and 9.1 are now certified with AdoptOpenJDK 8. Customers now have an alternate option to use AdoptOpenJDK 8 instead of the Oracle Java SDK. AdoptOpenJDK is a free and open-source implementation of the Java Platform. What is ...
0 comments
Please open the attached document. Layer7_SiteMinder_AdoptOpenJDK_Announcment_Final.pdf
0 comments
In 12.8.2, we released new capabilities for the Access Gateway in Layer7 SiteMinder (formerly CA Single Sign-On), which can be configured using ACO parameters. Keep reading to see what these ACO parameters and the corresponding capabilities are. URITransform The URITransform feature provides a method for modifying all URIs in designated requests that Access Gateway processes, from an external version seen by outside users to an internal URI more suitable for policy evaluation. For example, query parameters can be converted to positional pathname fields that match resources in the policy definition. The transformation pattern is configurable via the ...
0 comments
This blog helps you understand how JWT powers the Layer7 APIM-Layer7 SiteMinder integration. This blog does not emphasize the technical details of JWT or the configuration details of CA APIM and CA SSO. Why do you care about managing access to transactions based on APIs and Web Flows? With the goal of delivering a smooth single sign-on experience to multiple applications, organizations want to shield users from the potential complexities of multiple authentication and authorization servers. As organizations continue to embrace Digital Transformation, they are deploying more and more access flows where users are interacting with ...
0 comments
2018 witnessed numerous breaches in large enterprises and government organizations, affecting billions of user records. The trend continues in 2019 and, in short, there is no surprise in the statement that data breaches have become the norm across the world. Enterprises that process and store large volumes of PII, payment data and healthcare data were the primary targets for hackers and will continue to be so for years to come. Looking at last year, web application attacks were the most frequent attack vector pattern observed in confirmed breaches, according to the 2018 Verizon Data Breach Investigations Report. Defending and securing your most ...
0 comments
Summary: JWT authentication is supported from the CA SSO 12.8 release. It is supported with Access Gateway and the SDK only, but not with web agents. This document describes how to use a custom FCC for JWT authentication. Custom Web Forms (FCC) with JWT authentication give a seamless login experience integrated with web applications. Pre-Requisites: a CA SSO 12.8+ Policy Server, which supports the JWT authentication scheme; any version of Web Agent or Access Gateway (this blog was prepared by testing the flow using the 12.52 SP1 CR 09 Web Agent GA build); use of the Custom Form Page (FCC login page). Advantages: the JWT authentication scheme can be supported ...
0 comments
User Authentication in SAML and OIDC federation Federation was designed to enable trustworthy access across separately managed domains of users and information. Described simply, in federation one domain (or organization) maintains a population of users and the methods available for those users to authenticate. The second, separate domain maintains the application or information the users want to access, and accepts and validates the minted access pass issued by the first domain. By not having to manage the users' account lifecycle and the user authentication process, the second domain can simplify its management tasks and lower ...
0 comments
Many organizations are migrating elements of their IT infrastructure to the cloud and adopting a "cloud first" approach. It's a significant step for CTOs/CIOs to take, as it requires a new mindset and new tooling, and it has an impact on people, processes and technology. But the rewards can be significant: lower TCO while benefiting from the cloud provider's capabilities, like easier provisioning, scalability and high availability, for maintaining the support for the critical applications the business requires. Most of the savings are a result of optimizing resources for what they actually need and consume. In many cases, their on-premises capacity is likely to be over ...
0 comments
A session store is required to persist user session data, authentication context data and other contextual attributes in both federation and non-federation flows. This not only provides enhanced session security but can also be applied across applications for an improved, personalized experience for the end user. Let's look at some of the flows where session store deployment is required, to understand the benefits in more detail. Accomplishing Single Logout flows in SAML 2.0 and Sign-Out flows in WS-Fed. If single logout is enabled, CA ...
2 comments
In the world of digital technology, with rapid transformation of the technologies supporting various business functions, you deal with disparate applications posing a variety of challenges. One such challenge of paramount importance is "Providing seamless access to users with uncompromised security". What you are finding as you introduce more SaaS applications and partner applications into your topology is that each application requires user attributes in a precise format, which, unfortunately, is not the same format in which they exist in your user store. You feel an identity headache coming on. The last thing you want to do is start introducing application-specific ...
0 comments
DevOps has become a widespread practice not just to continuously integrate software in a more automated way; it has also evolved towards more continuous delivery in production. REST APIs are key enablers of these workflows in DevOps by providing the automation required to save cost and drive agility. In 12.7, we introduced REST APIs for Policy Object administration, which allow you to create, read, update, and delete objects, including SAML 2.0 federation entities and partnerships, and certificate services, in the policy store. With the support of REST APIs provided in 12.7 onwards, it is possible to automate common administration tasks that are typically ...
3 comments
Goal #3: Developing Standardized, Reusable Components In our journey so far, we've discussed how to achieve our first two goals in building an IAM operations software factory: simplifying application onboarding and creating an enterprise IAM framework. In this blog, I will cover goal #3—developing standardized, reusable components. Having standardized, reusable components makes your IAM factory agile and efficient. However, since they are more complex than cookie-cutter components, standardized reusable components require proper planning, strategy and investment in resources and funds. Surprisingly enough, many IAM stakeholders fail to leverage this goal—some ...
1 comment