Symantec Access Management

hello!

Just wanted to know if someone can direct me to steps on how to configure CA SSO as service provider. We have created a local IDP , remote SP and the connection, but not entirely sure how to proceed. It would be great to get some detailed steps.

Thanks!

Lalitha

Refer to this video CA SiteMinder® Federation Demo - YouTube 

Since CA SSO is Service Provider, on CA SSO end we would create a local SP, Remote IdP and SAML 2.0 SP-->IdP Partnership (exactly reverse of what you have described i.e. We have created a local IDP , remote SP and the connection).

Start by Creating Entity Objects

Entity-1 : Local SP CA SSO

Entity-2 : Remote IdP (You can import IdP's Metadata)

Move ahead with Partnership

SAML 2.0 SP --> IdP Object from the Drop-Down in Partnership.

These are just the WAMUI objects and WAMUI side of configuration (Policy Server and Policy Store). I am hoping you have completed necessary pre-requisite installs on WA-WAOP or CA Access Gateway which would act as the front end (hosts all the endpoints URLs).

Hi,

Sorry, I have created a remote IDP and local SP but have typed it wrong here. 

Should we also create a SAML2.0 Authentication scheme? we are using partnership federation. 

Will local SP, remote IDP and the connection suffice?

Thanks,

Lalitha

No need to create the SAML 2.0 Authentication Scheme. That was the old model using Legacy Federation.

In Partnership Federation there are 3 mandatory objects...

A. Entity - IdP (Remote or Local; based on the Role Local IdP or Remote IdP).

B. Entity - SP (Remote or Local; based on the Role Local SP or Remote SP).

C. Partnership (where we link both the Entity i.e. IdP to SP or SP to IdP; based on the flow).

D. Optional for PoC (but recommended / mandatory for Test / Production ENV) X509 Certificates for Signing / Encryption. Refer to X509 Certificate Management in WAMUI.

Hi Lalitha,

Refer : how to configure SSO as an SP 

Regards,

Leo Joseph.