Symantec Access Management

  • 1.  Integrating our Company application with CA Siteminder

    Posted Apr 27, 2018 03:27 AM

    Using the free trial account we have configured an app as the service provider and CA Siteminder as the identity provider. The SP details have been added to the "Enter Metadata Manually" section of the SP information tab under App -> Configure.

    While adding the IP information into the saml.config of our application we noticed that the value for the "PartnerIdentityProvider" Name attribute was not provided and hence the application would not run successfully.

    Below is the saml.config that we have:


    <PartnerIdentityProvider Name="NEED THE IDENTITY PROVIDER NAME HERE"         
    SignAuthnRequest="true"
    WantAssertionOrResponseSigned="true"
    WantAssertionEncrypted="true"
    UseEmbeddedCertificate="true"
    SingleSignOnServiceUrl="https://api.security.com/passport/sp/gsaml/init?aid=60d857a4-8118-4027-99dd-daae2515163f"
    SingleLogoutServiceUrl="https://api.security.com/passport/sp/gsaml/logout?aid=60d857a4-8118-4027-99dd-daae2515163f"/>   

     

    We tried adding the Issuer value for the name attribute as "https://api.security.com" but to no avail.

     

    Kindly help us in resolving this issue by providing the completed PartnerIdentityProvider section of the saml.config.

     

    Regards,

    Amith



  • 2.  Re: Integrating our Company application with CA Siteminder

    Broadcom Employee
    Posted Apr 27, 2018 03:31 PM

    Ultimately the application developer/vendor would have to clarify what value is expected in that field; however, it is most likely the Identity Provider ID, or IDP ID, that is needed here. I hope this helps.



  • 3.  Re: Integrating our Company application with CA Siteminder

    Posted Apr 30, 2018 10:48 AM

    Hi Peter,

     

    The solution you have provided was the core of my question asked.

    I was actually asking for the “Identity Provider ID” to be used as value for the Name attribute of the “PartnerIdentityProvider” section of the saml.config.

     

    I was assuming someone from the CA team can help me with this value. I have received the other values required in the “PartnerIdentityProvider” section from the “Identity Provider Information” while configuring the App as shown below.

    The values for SingleSignOnServiceUrl and SingleLogoutServiceUrl provided from the above pic work well in the saml.config I am using. But as mentioned I am missing the value for Name attribute.

    Below is the saml.config that we have:

    We had configured the same scenario successfully using the ADFS as the IDP where we had the value for the name attribute as follows:

    http://**********.com/adfs/services/trust

    and this worked out very well.

     

    So I was under the impression that the team from CA will provide me with this value (for the NAME attribute) as the other values for the other attributes in the saml.config were provided in the CA site itself.

     

    Kindly let me know if you need any further information.

     

    Thanks for the help in advance.

     

    Regards,

    Amith
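
Added example, not part of the thread and not vendor code: assuming the Name attribute expects the IdP's SAML entity ID (as the reply in post 2 suggests and as the ADFS value in post 3 looks like), this Python code reads that ID and the service URLs from IdP metadata and reads the Issuer of a response so the two can be compared. The metadata, the response, the example.test URLs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed IdP metadata; the entity ID and URLs are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idp.example.test/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/slo"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/sso-post"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SAML response fragment carrying only the Issuer element.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="{NS['saml']}">
  <saml:Issuer>https://idp.example.test/entity</saml:Issuer>
</samlp:Response>"""

def _parse(xml_text):
    # SAML documents never need a DTD; refuse one before parsing.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DTD not allowed in SAML documents")
    return ET.fromstring(xml_text)

def _location(idp, tag, binding):
    # First endpoint of the given kind that uses the requested binding.
    for el in idp.findall(f"md:{tag}", NS):
        if el.get("Binding") == binding:
            return el.get("Location")
    return None

def partner_idp_settings(metadata_xml, binding=REDIRECT):
    # Works for a lone EntityDescriptor or one nested in EntitiesDescriptor.
    for entity in _parse(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is not None and entity.get("entityID"):
            return {"Name": entity.get("entityID"),
                    "SingleSignOnServiceUrl": _location(idp, "SingleSignOnService", binding),
                    "SingleLogoutServiceUrl": _location(idp, "SingleLogoutService", binding)}
    raise ValueError("no IdP EntityDescriptor with an entityID found")

def response_issuer(response_xml):
    # Issuer the IdP puts on its responses; compare it with the configured Name.
    issuer = _parse(response_xml).find("saml:Issuer", NS)
    return issuer.text.strip() if issuer is not None and issuer.text else None
```

If the Issuer in a captured response differs from the entityID in the metadata, the mismatch itself is worth raising with the IdP operator before changing the SP configuration.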