Symantec Access Management

  • Private Community

  • 1.  Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?

    Posted Nov 13, 2018 09:58 AM

    Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?



  • 2.  Re: Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?

    Posted Nov 13, 2018 06:46 PM

    Marc.Bergeron

     

    SMSAMLDATA is encrypted in HTTP_HEADER redirect mode but need plain headers 

     

    My personal preference is to use "Persist Authentication Session Variables" rather than SMSAMLDATA approach.



  • 3.  Re: Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?

    Posted Nov 14, 2018 12:31 PM

    Hi,

     

    I forgot to mention that the component that need that information is not behind an CA SSO agent or SPS. That's why I need a service to respond that information. In fact, the component is CA API Gateway. The API Gateway will receive a request that will have SMSAMLDATA cookie but it cannot decrypt it, so it will query a service to CA SSO to get the SMSAMLDATA content. Then, API Gateway will query a service that need that information by adding them to the claims. 



  • 4.  Re: Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?

    Posted Feb 05, 2019 01:36 PM

    Hi Marc

     

    I also have same query using CA API Gateway, Were you able to resolve this issue, if yes please share how

     

    Regards



  • 5.  Re: Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?
    Best Answer

    Posted Feb 05, 2019 01:42 PM

    Hi,

     

    I had to create my own Web service with a Siteminder agent on it.

     

    The agent decrypt and write the headers and my service reads the headers and reply back to the API Gateway in JSON format…

     

    It’s not the best solution but it works…

     

    Hope it will help you!

     

    De : Akshat12

    Envoyé : 5 février 2019 13:37

    À : Bergeron, Marc <Marc.Bergeron@ia.ca>

    Objet : Re:  - Re: Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?

     

    CA Communities <https://urldefense.proofpoint.com/v2/url?u=https-3A__communities.ca.com_-3Fet-3Dwatches.email.thread&d=DwMCaQ&c=-XqkOF0ZfCjWvvlJgdtbuQ&r=9ULd1Ct2u9OhdgitjY0kYed4ENutDX1wRm1HVVA024E&m=oi6ShkPCbtlOrxO3KR0MvrbMNm1p1gc6KC7oyaoBmwA&s=X2t8KzI2EnThznj_EmrtSfxdekM6p2-7IN4rLYxMgYE&e=>

     

     

    Re: Is there a service available in CA SSO (or SPS) to return decrypted information from SMSAMLDATA cookie?

     

    reply from Akshat12<https://urldefense.proofpoint.com/v2/url?u=https-3A__communities.ca.com_people_Akshat12-3Fet-3Dwatches.email.thread&d=DwMCaQ&c=-XqkOF0ZfCjWvvlJgdtbuQ&r=9ULd1Ct2u9OhdgitjY0kYed4ENutDX1wRm1HVVA024E&m=oi6ShkPCbtlOrxO3KR0MvrbMNm1p1gc6KC7oyaoBmwA&s=g5RJID7INaXeKJcgC0Rh5Vx_RNuhbv-Jf7jkuRXLGCY&e=> in CA Single Sign-On - View the full discussion<https://urldefense.proofpoint.com/v2/url?u=https-3A__communities.ca.com_message_242164351-2Dre-2Dis-2Dthere-2Da-2Dservice-2Davailable-2Din-2Dca-2Dsso-2Dor-2Dsps-2Dto-2Dreturn-2Ddecrypted-2Dinformation-2Dfrom-2Dsmsamldata-2Dcookie-3FcommentID-3D242164351-26et-3Dwatches.email.thread-23comment-2D242164351&d=DwMCaQ&c=-XqkOF0ZfCjWvvlJgdtbuQ&r=9ULd1Ct2u9OhdgitjY0kYed4ENutDX1wRm1HVVA024E&m=oi6ShkPCbtlOrxO3KR0MvrbMNm1p1gc6KC7oyaoBmwA&s=iiI_lwrWrXphCuA9Up4RvpYq_1ymNDn_WFamML8vAe4&e=>