Symantec Access Management

  • 1.  Sharepoint 2010 and CA SSO Federation?

    Posted Jul 13, 2016 02:44 PM

    Hi,

     

    I was wondering if Sharepoint 2010 can be integrated with CA SSO without installing the sharepoint agent?

     

    Since Sharepoint 2010 works with ADFS, via WS-FED, I wonder if it would also work with CA SSO SPS server acting as a federation gateway?

     

    Has anybody tried this before?

     

    Regards,

    Anand.



  • 2.  Re: Sharepoint 2010 and CA SSO Federation?
    Best Answer

    Posted Jul 13, 2016 06:06 PM

    Anand anand3g

     

    If we think only from SSO into SharePoint - You are correct - we can use a CA Access Gateway instead of CA SharePoint Agent.

     

    But CA SharePoint Agent does not only provide SSO, but also provides other SharePoint Capabilities like Claims Search and Support for PeoplePicker functionality which is not present in CA Access Gateway. CA SharePoint Agent also has a SPConnectionWizard which create the Legacy WSFED Object within the Policy Store (you don't have to create a Legacy Object from Scratch using the WAMUI) AND most importantly it generates a powershell script which is needed to create the Trusted Identity Token Issuer on SharePoint.

     

    Further more from support perspective CA Certifies SharePoint Integration using CA SharePoint Agent. Thus has tested all common features of SharePoint using CA SharePoint Agent only.

     

    Thus by using CA Access Gateway, you miss out on all these capabilities and the configuration is far more error prone just to even configure a WSFED SSO. The only purpose CA Access Gateway serves is generating a WSFED to log the user into SharePoint, thats it and nothing more as far.

     

    I'd always go with CA SharePoint Agent for reasons listed, supportability and certified.

     

     

    Regards

     

    Hubert



  • 3.  Re: Sharepoint 2010 and CA SSO Federation?

    Posted Jul 14, 2016 10:44 AM

    Thanks a lot HubertDennis

     

    So does that mean if I do a normal WS-FED integration (assuming I don't need claims search and people picker), That won't be supported by CA?

     

    Dare I ask if there is any documentation of just the WS-FED integration with Sharepoint?

     

    Regards,

    Anand.



  • 4.  Re: Sharepoint 2010 and CA SSO Federation?

    Posted Jul 14, 2016 10:58 AM

    Anand

     

    I would not rather comment on the Supportability because of these reasons stated above. I would suggest connecting with your CA Account Manager and reaching out to CA Product Management to seek the final answer. I cannot predict at this moment even in scope of only WSFED what challenges we'd face when we put CA Access Gateway in front of SharePoint as this is something we have not tested (Certainly from the exterior CA Access Gateway and CA SharePoint Agent look alike - but there are differences as CA SharePoint Agent is tailored specifically for SharePoint whereas CA Access Gateway is not). I would not want to lead you into something which I am 100% not certain, additionally I would not want Support getting tangled in something uncanny when we hit a road block because we went down the path of CA Access Gateway frontending SharePoint. It would be a really uncomfortable position for all parties. Hence speak to Product Owners via Account Manager.

     

    Documentation : Refer to the generic WSFED Federation guide if you are looking into generic WSFED OR look into the CA SharePoint Agent Guide.

     

    Implementing Federation in Your Enterprise - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation

     

    CA SiteMinder Agent for SharePoint - Source Home - CA Single Sign On Agent for SharePoint - 12.52 SP1 - CA Technologies …

     

     

    Regards

    Hubert