Symantec Access Management

CA SiteMinder SPS configuration:Authentication REST Interface requires input request to contain password in cleartext

  • 1.  CA SiteMinder SPS configuration:Authentication REST Interface requires input request to contain password in cleartext

    Posted Oct 30, 2015 05:46 AM

    Hi

    As part of protecting web services (REST) through SiteMinder SPS configuration, as documented at Configuring the Authentication and Authorization Web Services - CA SiteMinder® - 12.52 SP1 - CA Technologies Documentati…, the input request needs to be passed with user credentials where the password is in clear text. Is there any way we can pass encrypted text?

    A URI in this format, http://hostname:port/authazws/AuthRestService/login/appID/Resource, posts the following request:

     

    <loginRequest>
        <binaryCreds></binaryCreds>
        <password>user1</password>
        <userName>user1</userName>
        <action>GET</action>
    </loginRequest>



  • 2.  Re: CA SiteMinder SPS configuration:Authentication REST Interface requires input request to contain password in cleartext

    Posted Oct 30, 2015 08:55 AM

    nagra13

     

    This is similar to a human entering credentials in a browser when challenged to log in, and our credentials being sent from browser to server. We don't enter our encrypted passwords in the browser - right!

    Currently there is no way, I believe, to do this, as this is generic behavior. I would point you in the direction of an Enhancement Request; however, I don't see the mileage in doing that unless someone suggests otherwise.

    Please enable SSL so that any communication channel is over SSL. Additionally, you could also enable two-way SSL to further secure the data.

    Regards

    Hubert
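
An added example (not part of the thread and not CA's code) of a client that follows the advice above: it builds the `<loginRequest>` body from the question, refuses to send it to anything but an `https://` URL, verifies the server certificate, and optionally presents a client certificate for two-way SSL. The `application/xml` content type, the helper names, and the certificate file parameters are assumptions.

```python
import ssl
import urllib.request
from urllib.parse import quote, urlsplit
from xml.sax.saxutils import escape


def build_login_request(user_name, password, action="GET"):
    """Build the <loginRequest> body from the question, XML-escaping each value."""
    return (
        "<loginRequest>"
        "<binaryCreds></binaryCreds>"
        f"<password>{escape(password)}</password>"
        f"<userName>{escape(user_name)}</userName>"
        f"<action>{escape(action)}</action>"
        "</loginRequest>"
    ).encode("utf-8")


def login_url(host, port, app_id, resource):
    """https:// form of the URI pattern quoted in the question."""
    path = f"/authazws/AuthRestService/login/{quote(app_id, safe='')}/{quote(resource)}"
    return f"https://{host}:{port}{path}"


def tls_context(ca_file=None, client_cert=None, client_key=None):
    """Server certificate and hostname are verified; a client cert enables two-way SSL."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def post_login(url, user_name, password, ctx, action="GET"):
    """POST the credentials, but only if the channel is TLS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send a cleartext password over a non-TLS URL")
    req = urllib.request.Request(
        url,
        data=build_login_request(user_name, password, action),
        headers={"Content-Type": "application/xml"},  # assumed content type
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.read()
```
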