Layer7 API Management

  • 1.  Integration with CA Single Sign-On (Siteminder)

    Posted Sep 25, 2018 09:54 AM

    Hi All,

     

    I am trying to integrate with Single Sign-On for the first time with the API Gateway.

    What are the steps? Are there any prerequisites that I need to accomplish prior?

     

    I have already installed the Siteminder SDK referred from the Release Notes 9.3, moved that file to my /home/ssgconfig directory on the Gateway's shell. Then on the Policy Manager was able to go to Tasks > Extensions and Add-Ons > Manage Solution Kits and import the Siteminder .sskar file and resolve the conflicts for post-installation tasks. I have also added the fields to my system.properties file:

    org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE = true

     

    Are there other tasks I need to do before I continue?

     

    Do I just need all the information on the CA SSO side for configuration and validating that it works? Like for instance, the configuration when I apply an assertion relating to SSO i.e. the Check Protected Resource Against CA Single Sign-On assertion when it prompts for:

    - Configuration Name

    - Agent

    - Protected Resource

    - Action

    - Server Name

    - Source IP

    - Prefix Variable

     

    Please let me know! Or would trying SSO with API Portal be an easier task to integrate?

     

    Thanks!



  • 2.  Re: Integration with CA Single Sign-On (Siteminder)

    Broadcom Employee
    Posted Sep 26, 2018 07:58 PM

    Hi Tiffany 

     

    For those parameters you mentioned, in "Check Protected Resource Against CA Single Sign-On " yes you will need all of them. 

     

    They have specific meaning to the CA Single Sign On application, 

     

    For a sample working SSO integration you could pick up the policy attached to : 

    Integrating APIM Gateway with CA Single Sign-On - adding a grace time for updating SMSESSION cookie. 

    that would show most of those variables in context, and give an idea where to get them.

     

    The documentation does described the steps for adding the default SSO setup and assertions, as well :

    Authenticate Against CA Single Sign-On Assertion - CA API Gateway - 9.3 - CA Technologies Documentation 

    Working with CA Single Sign-On - CA API Gateway - 9.3 - CA Technologies Documentation 

     

    Integration via API Gateway assertions is the normal process, I have not see an integration via API Portal.

     

    Cheers - Mark

     

    https://docops.ca.com/ca-api-gateway/9-3/en/security-configuration-in-policy-manager/tasks-menu-security-options/manage-ca-single-sign-on-configurations



  • 3.  Re: Integration with CA Single Sign-On (Siteminder)

    Broadcom Employee
    Posted Oct 01, 2018 07:25 AM

    Hi

    Did the answers on this thread  answered your question? If it did please mark it as the right answer.
    When your question is not answered or you still have additional questions please let us know.

    With Kind Regards
    Dirk