Patrick-Dussault

Tech Tip : CA Single Sign-On : Siteminder password Management

Discussion created by Patrick-Dussault Employee on May 16, 2018

Question:

I'd like to know:

- How are user passwords stored in Active Directory?
- How are admin passwords stored in my Active Directory?

Answer:

 

CA Single Sign-On does not store the passwords itself; Active
Directory does. When you use Password Services and require users to
change their password, CA Single Sign-On performs an LDAP bind with
the user's credentials and asks Active Directory to modify the
password, using the attributes you mapped when defining the User
Directory. Active Directory then decides how to store the password.

 

For more information you can check the following:

How to Configure Password Policies
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/password-services-and-policies/how-to-configure-password-policies

SSO - Basic Password service integration with Active Directory
https://communities.ca.com/thread/241790640-sso-basic-password-service-integration-with-active-directory

Tech Tip - CA Single Sign-On:Policy Server: Read Password Blob Utility
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/02/29/tech-tip-ca-single-sign-onpolicy-server-read-password-blob-utility

And about encryption:

Manage Encryption Keys
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/administrating/manage-encryption-keys

Using FIPS-Compliant Algorithms
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/upgrading/using-fips-compliant-algorithms

FIPS 140-2 Algorithms
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/administrating/manage-encryption-keys/fips-140-2-algorithms

 

KB : KB000096310
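
The bind-then-modify flow described in the answer, as an added example that is not CA's code or part of the original post: it builds the LDAP modify request Active Directory accepts for a password change made while bound as the user, next to the administrative reset form. It assumes the mapped password attribute is `unicodePwd`; the DN and passwords are constructed sample values.

```python
import base64

PWD_ATTR = "unicodePwd"  # assumption: password attribute mapped in the User Directory


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects the value wrapped in double quotes and encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def _line(name: str, value: bytes) -> str:
    # Binary-safe LDIF form: "attr:: <base64 of value>"
    return f"{name}:: {base64.b64encode(value).decode('ascii')}"


def self_change_ldif(user_dn: str, old_password: str, new_password: str) -> str:
    """Change made while bound as the user: delete the old value and add the
    new one in a single modify, so AD can verify the old password."""
    return "\n".join([
        _line("dn", user_dn.encode("utf-8")),
        "changetype: modify",
        f"delete: {PWD_ATTR}",
        _line(PWD_ATTR, encode_unicode_pwd(old_password)),
        "-",
        f"add: {PWD_ATTR}",
        _line(PWD_ATTR, encode_unicode_pwd(new_password)),
        "-",
        "",
    ])


def admin_reset_ldif(user_dn: str, new_password: str) -> str:
    """Reset made while bound as a privileged account: a single replace,
    with no knowledge of the old password."""
    return "\n".join([
        _line("dn", user_dn.encode("utf-8")),
        "changetype: modify",
        f"replace: {PWD_ATTR}",
        _line(PWD_ATTR, encode_unicode_pwd(new_password)),
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values. AD only accepts unicodePwd writes over an
    # encrypted connection (LDAPS or StartTLS).
    print(self_change_ldif("CN=Jane Doe,OU=Staff,DC=example,DC=com",
                           "OldPassw0rd!", "newPassword"))
```

In both forms only the quoted UTF-16LE value travels to the directory; how the password is stored afterwards is decided by Active Directory.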
