Symantec Access Management

  • 1.  Creating Authorization server for OAUTH2.0 application.

    Posted Jan 23, 2018 05:19 AM

    How to create an Authorization server in CA SiteMinder, and what APIs are there in CA SiteMinder to support OAUTH2.0?

    I did not find any document which suggests the steps that need to be taken to create an Authorization server.

    It is very easy to add an Authorization server for an OAUTH2.0 application on Okta.

     

    Please help ASAP.



  • 2.  Re: Creating Authorization server for OAUTH2.0 application.

    Posted Jan 23, 2018 12:24 PM

    If you're using the CA API Gateway, then that would be your Authorization Server using the OAuth Toolkit I would imagine.

     

    CA API Management OAuth Toolkit - Home - CA API Management OAuth Toolkit - 4.2 - CA Technologies Documentation 

     

     

    And then offload the authentication event itself from API GW -> CA SSO by customizing the log in flow. 

     

    Support Optional Authentication Mechanisms - CA API Management OAuth Toolkit - 4.2 - CA Technologies Documentation 

     

    CA SSO itself, without the API GW, supports OIDC Provider with 12.7. But it doesn't have the same fuller feature set of OAuth 2.0 support that API GW has, so far as I've seen (but it is easier to set up and manage if all you need is OIDC primarily and optionally some static scopes).

     

    Edit: Well it was moved from the API Community so my response above doesn't make as much sense! Assumed it was API GW related since it was there lol.

     

    =======

    For CA SSO you need 12.7 and Access Gateway. The instructions at Docops pretty much spell it all out pretty well to support OIDC Provider.

     

    Use CA Single Sign-On as OpenID Connect Provider - CA Single Sign-On - 12.7 - CA Technologies Documentation 

     

    If that's all you need, it's actually pretty painless to get rolling with it by setting up the secure redirect.jsp realm, creating the OAuth Provider and registering some clients.



  • 3.  Re: Creating Authorization server for OAUTH2.0 application.

    Posted Jan 23, 2018 09:08 PM

    CA's official stance is that the CA SSO product will never be made to act as an OAuth Authorization Server (forcing customers to buy another product or go away from their SSO product to other AM products like Okta, OpenAM which provide all together), although in the latest versions (12.7/8) it has those capabilities inherently to support OIDC.



  • 4.  Re: Creating Authorization server for OAUTH2.0 application.

    Posted Jan 24, 2018 06:01 AM

    So for implementing OIDC, do I need the installer of CA? I mean, how can we configure the Authorization server?

    Do you have the steps to do that?



  • 5.  Re: Creating Authorization server for OAUTH2.0 application.

    Posted Jan 24, 2018 07:05 AM

    mksmanjit

     

    Please refer to these blogs for Step by Step instructions for OIDC implementation using CA SSO as OIDC Provider.

    CA SSO OpenID Connect Provider - Agentless SSO 

    CA SSO OpenID Connect Provider - with Apache OpenID Client 



  • 6.  Re: Creating Authorization server for OAUTH2.0 application.

    Posted Jan 25, 2018 04:16 AM

    Hi Hubert,

    In the document CASSO_OIDC-to-Apache+Mod_Auth_OpenIDC-RunBook-v1.2.pdf, in the section below:

     

    Authorization Provider Configuration

    Create signing certificate for CA SSO IDP – sso.demo.com

     

    How do I create an application like sso.demo.com? I see the UI of it but didn't get how to open that UI. Is there any URL for doing configuration of the Authorization provider?

    Does CA have a web UI where we can configure the Authorization Provider?

     

    Please help.