Tech Tip - CA Single Sign-On: Policy Server's TLS/SSL Supportability

Discussion created by suaal01 Employee on Jun 16, 2015
Latest reply on Jun 17, 2015 by Josh Perlmutter

1. Communication between WebAgent and Policy Server
===================================================
The SiteMinder Policy Server does not support SSL/TLS with its own
clients (i.e., WebAgent).
However, the communication channel between the Policy server and its clients
is secured through CA's proprietary encryption implementation.

2. Communication between Policy Server and Database servers
===========================================================
When SSL/TLS is configured, only the communication channel between the Policy
Server and Database server is secured with SSL/TLS.
a. LDAP/Active Directory over LDAP namespace:
- SiteMinder Policy Server version less than 12.51:
The SiteMinder Policy Server uses an older version of Mozilla LDAP SDK to
communicate with the LDAP server that only supports SSL v3.
- SiteMinder Policy Server version 12.5 and above:
The SiteMinder Policy Server uses an updated version of Mozilla LDAP SDK
that supports TLS 1.1 and 1.2.
b. Oracle ODBC, DB2, MySQL:
- All SiteMinder Policy Server versions:
The Policy Server uses the Progress DataDirect driver that supports SSL and
TLS 1.1 and 1.2.
c. Microsoft SQL:
- SiteMinder Policy Server version less than 12.51:
The SiteMinder Policy Server uses an old version of the Progress DataDirect
driver that does not support SSL/TLS.
- SiteMinder Policy Server version 12.51 and above:
The SiteMinder Policy Server uses an updated version of the Progress
DataDirect driver that supports SSL and TLS 1.1 and 1.2.
d. Active Directory:
- All SiteMinder versions:
The SiteMinder Policy Server uses Microsoft Windows' native driver to
connect to Active Directory.
Therefore, support of SSL and TLS 1.1 and 1.2 depends on each Windows
version.
