Symantec Access Management

Expand all | Collapse all

Ca Single Sign On Web Agent option Pack

  • 1.  Ca Single Sign On Web Agent option Pack

    Posted Jun 15, 2018 05:14 AM

    Hi all, looking at CA Single Sign On download page

    CA Single Sign-On Hotfix/Cumulative Release Index - CA Technologies 

    it seems that latest available release for webagent Option pack is 12.52 Sp1 cr08
    I have a customer running CA SSO 12.52 Sp1 Cr08 and he is planning to upgrade to 12.8

    What about webagent option pack?

    It seems to me that the latest features as OpenIdConnect and JWT auth schema are available only with CA Access Gateway.

    What about customer that implemented Webagent Option Pack? is there a version of webagent agent option pack that make those new featuring availble?
    Thank you
    Best Regards



  • 2.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 15, 2018 05:17 AM

    Below is the link to download the same :

     

    SSO WEBAGENT OPTION PACK R12.52 SP01 CR08 [#2504] 

     

    SSO WEBAGENT OPTION PACK R12.52 SP01 CR08 

     

    Regards,

    Ram,



  • 3.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 15, 2018 05:21 AM

    I am sorry for the confusion, 

     

    You might have to use SPS for 12.8 ,

     

    Regards,

    Ram



  • 4.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 15, 2018 05:46 AM

    Hi , 

     

    JSON Web Token (JWT) Authentication Scheme


    CA Single Sign-On supports JSON Web Token (JWT) template as an authentication scheme to authenticate and authorize the protected resources by accepting the JWT. The authentication scheme requires CA Access Gateway or CA Single Sign-On SDK for implementation.

     

    CA Single Sign-On as OpenID Connect Resource Server

     

    CA Single Sign-On can act as an OpenID Connect Resource Server for web resources that are protected by the JWT authentication scheme. CA Single Sign-On accepts JWT that is generated by any OpenID Connect Provider. This feature requires CA Access Gateway.

     

    New Features - CA Single Sign-On - 12.8 - CA Technologies Documentation 

     

    Release Comparison - CA Single Sign-On - 12.8 - CA Technologies Documentation 

     

    Regards,

    Leo Joseph.



  • 5.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 15, 2018 06:46 AM

    My question come out since customer currently use federation services deployed with webagent option pack and they do not have a plan to include new servers for CA Access Gateway in their environment. Of course they can continue to use the current features (SAML federation and so on) but is there a plan to make openidconnect endpoint available in webagent option pack also? or no way,  the mainroad is to go for CA Access Gateway

    Thank you

    Best Regards



  • 6.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 15, 2018 07:33 AM

    Hi, 

     

    As of now, we do not have any plan to release the webagent option pack, you might have to use SPS if you want to use the feature, 

     

     

    Regards,

    Ram,



  • 7.  Re: Ca Single Sign On Web Agent option Pack
    Best Answer

    Posted Jun 15, 2018 09:59 AM

    Hi , 

     

    I would request you to raise an Enhancement Request / Idea about the same.

     

    Regards,

    Leo Joseph. 



  • 8.  Re: Ca Single Sign On Web Agent option Pack

    Broadcom Employee
    Posted Jun 18, 2018 08:42 AM

    Hi Claudio,

     

    Please use the link below to file an enhancement request to include JWT support for Option pack 12.52 SP1 Next CR  

     

    Creating an ?Idea? (Enhancement Request) - CA Knowledge 



  • 9.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 18, 2018 08:58 AM

    Hi Rahme i opened an idea, please vote at the following link:

    Web Agent Option pack enhancement 



  • 10.  Re: Ca Single Sign On Web Agent option Pack

    Broadcom Employee
    Posted Jun 18, 2018 09:01 AM

    Voted up on the request, I will send it to our team also to Vote for it

     

    Regards

    Joe



  • 11.  Re: Ca Single Sign On Web Agent option Pack

    Posted Jun 19, 2018 04:42 PM

    Similar idea was here - CA SSO : Align WAOP with added features from CA AG. 

     

    As a customer I don't see it happening - at least not quickly even if it's ever decided to be done. We are planning a transition to the Access Gateway here because of things like that; waiting years for stuff - in the hope it even gets accepted - to get into the WAOP that's already in Access Gateway isn't feasible anymore. The SAML dynamic auth isn't even in the latest CR08 WAOP.

     

    Short of it is, I'd at least consider an alternate plan if you really need something like OIDC sooner than later. If Access Gateway supports your existing servers, you can possibly re-use those systems to transition to it without having to spend more $ on new server builds and operations of them.

     

    Might also be able to sell them on some of the other stuff too like Enhanced Session Assurance...So "hey we gotta retire our WAOP but if we can get Access Gateway folded in then you get OpenID Connect, Enhanced Session Assurance, session linking, etc", maybe doesn't seem as bad then.

     

    PS - I've run the Access Gateway with a separate Web Agent installed on same server no problems. I know they say it's "not supported" but so long as you keep them on unique ports it hasn't been a problem yet from what I tested