Symantec IGA

  • 1.  ALERT! SSL NOT maintained between IdM and BOXI

    Posted Apr 10, 2012 05:48 PM

    Since R12, Identity Manager and the Report Server have communicated over the non-secure HTTP protocol. Customers have requested support for viewing reports over a secure HTTP channel (HTTPS).

     

    • The IM Server communicates with the Report Server over HTTP. The logon to the CABI Services uses the Business Objects Enterprise (BOE) SDK.
    • The IM Server gets a logon token (to the Report Server) using createWCAToken() (creates a logon token that can be used for multiple logons without increasing the session count). This token is then used to view the reports as URLs (HTTP) using the Open Document Format. The protocol (HTTP) is hardcoded in the code for viewing the reports.
    • The Business Object services within CABI can communicate over SSL or without SSL.
    • The connection to the database is over a non-secure channel (IM to Snapshot DB and Report Server to Snapshot DB).


    [img]ALERT! SSL NOT maintained between IdM and BOXI Reports_Diag.bmp


    Even in a secure Identity Manager environment, this communication to the Report Server is over HTTP (non-secure).

    After reviewing the customer requests and discussing with support, we have concluded that the request is to make the IM to Report Server communication for viewing reports secure. (When we view a report, SSL should be preserved in the browser throughout the delivery of the report so that no IE warnings show up indicating that we are viewing a non-secure frame within a secured IdM session.)

    [img]ALERT! SSL NOT maintained between IdM and BOXI Reports_Diag2.bmp

    This is currently being enhanced and will be released in a future version of IdM.

    Please post with any questions or concerns.
    Thank you.
    Regards,

    Chris Thomas
    CA Technologies
    Principal Support Engineer
    Identity Manager Reporting Expert
    Tel: +1-631-342-4360
    Chris.Thomas@ca.com
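
The condition described in the post above (an HTTPS IdM page framing a report URL that is fetched over plain HTTP with the logon token in it) can be checked for in captured page source. This is an added example, not part of the original post and not CA code; the host names, the OpenDocument path, and the `token` query parameter name are assumptions, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qs

# Constructed sample: a page served over HTTPS that frames a report over HTTP.
# Hosts, paths and the "token" parameter name are assumptions for illustration.
SAMPLE_PAGE_URL = "https://idm.example.test/iam/im/env/index.jsp"
SAMPLE_HTML = """
<html><body>
<iframe src="http://reports.example.test:8080/OpenDocument/opendoc/openDocument.jsp?iDocID=1234&amp;token=CONSTRUCTED-TOKEN"></iframe>
<iframe src="/iam/im/help.jsp"></iframe>
<img src="https://idm.example.test/img/logo.png">
</body></html>
"""

# Tags that make the browser fetch a sub-resource, and the attribute holding its URL.
EMBED_ATTRS = {"iframe": "src", "frame": "src", "script": "src", "img": "src"}
SENSITIVE_PARAMS = {"token"}  # assumed name of the logon-token parameter


class MixedContentFinder(HTMLParser):
    """Collects sub-resources that resolve to plain http:// URLs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(EMBED_ATTRS.get(tag, ""))
        if not value:
            return
        # Resolve relative URLs against the page so they inherit its scheme.
        target = urlsplit(urljoin(self.page_url, value))
        if target.scheme != "http":
            return
        # Credentials in the query string travel in clear text on this request.
        leaked = sorted(SENSITIVE_PARAMS & set(parse_qs(target.query)))
        self.findings.append(
            {"tag": tag, "host": target.netloc, "leaked_params": leaked}
        )


def find_mixed_content(page_url, html):
    """Return HTTP sub-resources embedded in a page that was served over HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []  # not a secured session, so nothing is being downgraded
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(finding)
```
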



  • 2.  RE: ALERT! SSL NOT maintained between IdM and BOXI

     
    Posted Apr 10, 2012 06:01 PM
    Thanks for the great info Chris!


  • 3.  RE: [Tuesday's Tips] RE: ALERT! SSL NOT maintained between IdM and BOXI

    Posted Apr 10, 2012 10:08 PM
    Yes, in this era of concern over security I am glad to know about this vulnerability.
    We should look for these holes and proactively fill them.

    Thank you,
    Glenda

    From: CA Security Global User Community (Distributed) [mailto:CommunityAdmin@communities-mail.ca.com]
    Sent: Tuesday, April 10, 2012 5:01 PM
    To: mb.19262410.97812339@myca-email.ca.com
    Subject: [Tuesday's Tips] RE: ALERT! SSL NOT maintained between IdM and BOXI

    Thanks for the great info Chris!
    Posted by:Chris_Hackett


  • 4.  RE: [Tuesday's Tips] RE: ALERT! SSL NOT maintained between IdM and BOXI

    Posted Sep 28, 2012 10:27 AM
    Looks like this has been enhanced in the latest version of IdM 12.6, but I can only seem to find the WebSphere-related documentation for it here... Chasing down where the doc is for the other application server deployments.