Tech Tip : CA Single Sign-On : Siteminder password Management

Discussion created by Patrick-Dussault Employee on May 16, 2018


I'd like to know :

- How are user passwords stored in Active Directory ?
- How admin passwords are stored in my Active Directory ?




Actually, CA Single Sign-On doesn't store the passwords directly but
the Active Directory itself. So when you are using Password Services,
and requesting user to change their password, CA Single Sign-On will
do a LDAP bind with the user credentials and will request to modify
the password to the Active Directory, using the attributes you have
mapped when defining the User Directory. Then the Active Directory
decides how to store the password.


For more information you can check the following:



How to Configure Password Policies



SSO - Basic Password service integration with Active Directory



Tech Tip - CA Single Sign-On:Policy Server: Read Password Blob Utility



and about encryption



Manage Encryption Keys


Using FIPS-Compliant Algorithms


FIPS 140-2 Algorithms


KB : KB000096310