Reference docs
https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?1814733.html
https://docops.ca.com/ca-single-sign-on-1252sp2/en/configuring/policy-server-configuration/authentication-schemes/openid-authentication-scheme
Question: Yahoo provider works, but Google doesn't, as OpenID Authentication Scheme.
I am trying to use Google as the OpenID provider. Seems like the Google URL in C:\Program Files\CA\webagent\win64\samples\forms\openid.fcc on the web server is not correct.
var providers_large = {
    google : {
        name : 'Google',
        url : 'https://www.google.com/accounts/o8/id'
    },
Is this a URL issue or something? Can somebody spot the issue?
If it is a URL issue, what should the URL be?
There has been discussion over the URL here. Tried both.
Two Different Google OpenID URLs - Stack Overflow
On SM VM, C:\Program Files (x86)\CA\siteminder\config\properties\Openidproviders.xml has required claim as email for google provider, similar to yahoo.
<TrustedOpenIDProviders>
    <OpenIDProvider >
        <ProviderName>
            google.com
        </ProviderName>
        <RequiredClaims>
            <claim>
                <URI>
                    http://axschema.org/contact/email
                </URI>
                <alias>
                    email
                </alias>
            </claim>
        </RequiredClaims>
        <OptionalClaims>
        </OptionalClaims>
        <Pape>
            <max_auth_age>
                0
            </max_auth_age>
            <Policies>
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
            </Policies>
        </Pape>
    </OpenIDProvider>
    <OpenIDProvider RequestType="ax">
        <ProviderName>yahooapis.com</ProviderName>
        <RequiredClaims>
            <claim>
                <URI>http://axschema.org/contact/email</URI>
                <alias>email</alias>
            </claim>
        </RequiredClaims>
        <OptionalClaims>
        </OptionalClaims>
        <Pape>
            <max_auth_age>
                0
            </max_auth_age>
            <Policies>
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier,
                http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
            </Policies>
        </Pape>
    </OpenIDProvider>
Getting the following error.
[02/11/2016][19:40:46.691][19:40:46][4692][2884][Sm_Auth_Message.cpp:416][CSm_Auth_Message::AuthenticateUser][000000000000000000000000030da8c0-0188-56bd2a0e-0b38-02ac3a2d][iis_agent][/transpolar/employee/employee.jsp][][][EmployeeArea][][][][][][][][][][][][][][][Authenticating user.]
[02/11/2016][19:40:46.694][19:40:46][4692][2884][SmAuthUser.cpp:649][ServerTrace][][][][][][][][][][][][][][][][][][][][Exception occured while discovery for identifierhttps://www.google.com/accounts/o8/id][SMAuthOpenID:preAuthenticate: Exception occured while discovery for identifierhttps://www.google.com/accounts/o8/id]
[02/11/2016][19:40:46.694][19:40:46][4692][2884][SmAuthUser.cpp:649][ServerTrace][][][][][][][][][][][][][][][][][][][][Exception Message:0x706: GET failed on https://www.google.com/accounts/o8/id : 404][SMAuthOpenID:preAuthenticate: Exception Message:0x706: GET failed on https://www.google.com/accounts/o8/id : 404]
[02/11/2016][19:40:46.694][19:40:46][4692][2884][SmAuthUser.cpp:649][ServerTrace][][][][][][][][][][][][][][][][][][][][Discovery failed for the identifier https://www.google.com/accounts/o8/id][SMAuthOpenID:preAuthenticate: Discovery failed for the identifier https://www.google.com/accounts/o8/id]
[02/11/2016][19:40:46.694][19:40:46][4692][2884][Sm_Auth_Message.cpp:1271][CSm_Auth_Message::AuthenticateUser][000000000000000000000000030da8c0-0188-56bd2a0e-0b38-02ac3a2d][iis_agent][/transpolar/employee/employee.jsp][][][EmployeeArea][][AD_Directory][][][][][][][][][][][][][Evaluating OnAuthAttempt policy...]
[02/11/2016][19:40:46.694][19:40:46][4692][2884][SmAuthorization.cpp:1237][CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][Enter function CSmAz::IsOk]
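Added example (not part of the original post and not CA code): a Python triage script that pulls OpenID discovery failures out of Policy Server trace lines like the ones above and reports each identifier with the HTTP status returned, which shows the request failing at discovery before any claims are exchanged. The sample lines are constructed in the same bracketed layout; the helper names and the `idp.example` provider are assumptions.

```python
import re

FIELD = re.compile(r"\[([^\]]*)\]")
GET_FAILED = re.compile(r"GET failed on (https?://\S+) : (\d{3})")
DISCOVERY_FAILED = re.compile(r"Discovery failed for the identifier\s*(https?://\S+)")

def parse_trace_line(line):
    """Split one bracket-delimited trace line; None if it is not in that layout."""
    fields = FIELD.findall(line)
    if len(fields) < 8:
        return None
    return {"time": f"{fields[0]} {fields[1]}", "source": fields[5],
            "messages": [f for f in fields[7:] if f]}

def discovery_failures(lines):
    """Map each OpenID identifier to the HTTP status seen during discovery."""
    report = {}
    for line in lines:
        rec = parse_trace_line(line)
        if rec is None:
            continue
        for msg in rec["messages"]:
            got = GET_FAILED.search(msg)
            failed = DISCOVERY_FAILED.search(msg)
            for m in (got, failed):
                if m:  # first sighting of this identifier fixes its timestamp
                    report.setdefault(m.group(1), {"status": None, "confirmed": False,
                                                   "time": rec["time"]})
            if got:
                report[got.group(1)]["status"] = int(got.group(2))
            if failed:
                report[failed.group(1)]["confirmed"] = True
    return report

def _sample(ms, source, message):
    # Constructed sample line in the layout of the trace above (empty fields kept).
    return (f"[02/11/2016][19:40:{ms}][19:40:{ms[:2]}][4692][2884][{source}][ServerTrace]"
            + "[]" * 19 + f"[{message}]")

GOOGLE = "https://www.google.com/accounts/o8/id"
SAMPLE = [
    _sample("46.694", "SmAuthUser.cpp:649", f"Exception Message:0x706: GET failed on {GOOGLE} : 404"),
    _sample("46.694", "SmAuthUser.cpp:649", f"Discovery failed for the identifier {GOOGLE}"),
    _sample("46.694", "SmAuthorization.cpp:1237", "Enter function CSmAz::IsOk"),
    # Hypothetical second provider, to show a failure that is not a 404.
    _sample("47.102", "SmAuthUser.cpp:649", "Exception Message:0x706: GET failed on https://idp.example/openid : 503"),
]

if __name__ == "__main__":
    for identifier, info in discovery_failures(SAMPLE).items():
        print(identifier, info)
```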