Symantec Access Management

  • 1.  SSO for Other domain by CA Siteminder

    Posted May 21, 2015 01:59 PM

    Can anybody answer the possibility please?

     

    An application resides in abc.com domain.

    The people who are resides in xyz.com want to access that application with SSO of xyz.com

    We don't have access to install any web agent in xyz.com. Only they provide access to LDAP port to access user accounts.

     

    Can we do that SSO using NTLM authentication of xyz.com by CA Siteminder?

     

    Regards,

    Saravana



  • 2.  Re: SSO for Other domain by CA Siteminder

    Posted May 21, 2015 02:25 PM


  • 3.  Re: SSO for Other domain by CA Siteminder

    Posted May 21, 2015 02:50 PM

    The application is CA Service Desk.And EEM also in place. Both applications are registered in abc.com

     

    But  I need SSO for xyz.com people, when they access this CA SDM.

     

    Is it possible?

     

    Regards,

    Saravana



  • 4.  Re: SSO for Other domain by CA Siteminder

    Posted May 21, 2015 03:12 PM

    have you thought about a cross domain cookie provider?

    Let me google that for you

     

    try the third hit...



  • 5.  Re: SSO for Other domain by CA Siteminder

    Posted May 21, 2015 07:19 PM

    The thing that one needs to ponder before opting a SSO solution

    1. I have 2 Web Domains i.e. www.abc.com and www.xyz.com - in wider organisational are these both web domains part of the same Company?
      1. Same Company? Cookie Domain Solution
      2. Partners? Federation
      3. Sister Companies OR mergers? Federation shorter, longer term Cookie Domain Solution as users would then reside in one Central Identity Repositary.
    2. What is the Identity Store for www.abc.com and www.xyz.com - are they the same Identity Store or are they different.
      1. Same? Cookie Domain Solution
      2. Different? Probably Federation OR Directory Mapping (provided Conditions in 1.3 apply).

     

     

    Regards

     

    Hubert



  • 6.  Re: SSO for Other domain by CA Siteminder

    Posted May 21, 2015 10:38 PM

    Hi Hubert,

     

    Both www.abc.com and www.xyz.com are different companies having different AD. It is like www.xyz.com is a customer of www.abc.com

     

    Due to CA SDM resides in www.abc.com, if I enable windows authentication, ABC peoples can get SSO.

     

    But xyz.com peoples are external customer who want to authenticate via EEM to CA SDM.

     

    So I created a User directory in Siteminder to pull xyz.com user records and I am able to View contents of xyz.com user accounts.

     

    Then I configured EEM to use the Siteminder as user store. This also successfully integrated that I am able to see Manage identities of xyz.com user accounts.

     

    Now CA SDM is configured to use EEM authentication in access type.

     

    Now I have to do SSO for xyz.com people to authenticate into CASDM by their domain

     

    Note: we cannot install any web agent in www.xyz.com domain as they provide only their LDAP port open to read user accounts.

     

    Please help me to achieve this.

     

    Thanks,

    Saravana



  • 7.  Re: SSO for Other domain by CA Siteminder

    Posted Jun 02, 2015 10:52 AM

    HubertDennis are you able to offer Saravana any further guidance to his latest questions?

     

    Thanks!



  • 8.  Re: SSO for Other domain by CA Siteminder

    Posted Jun 09, 2015 03:34 AM

    Hi Hubert,

     

    Do you want to give any more suggestions on this please?

     

    Thanks,

    Saravana



  • 9.  Re: SSO for Other domain by CA Siteminder
    Best Answer

    Posted Jun 18, 2015 10:52 AM

    Federation is the solution, as you have confirmed that both are different entities and possess their own respective Identity Stores.

     

     

    What does this mean? Does it mean you created a SiteMinder User Directory Object for xyz.com within Company abc.com and you are pulling user records from xyz.com into abc.com?

    • So I created a User directory in Siteminder to pull xyz.com user records and I am able to View contents of xyz.com user accounts.


  • 10.  Re: SSO for Other domain by CA Siteminder

    Posted Jun 20, 2015 03:31 AM

    Yes. You are correct. I created a user directed in siteminder to pull records of xyz.com