We have exposed an API that currently leverages CA SiteMinder to authenticate and authorize users. We would like to extend that authentication to third-party applications using OAuth 2.0, while still utilizing SiteMinder for the user’s initial login and session generation.
The Layer 7 OAuth Toolkit provides a flexible way to meet the requirements of almost any API-based access control scenario. The wide range of credential types, external integrations and flexible policy workflows supported by Layer 7 Gateways fits well with the rich variety of grant types and interaction scenarios envisioned by the OAuth 2.0 specification. The combination allows support for legacy users, while still preparing the enterprise for OAuth.
The OAuth Toolkit can use CA SiteMinder session tokens to authenticate and authorize users while acting as an OAuth authorization server, allowing usage of existing identity systems. Layer 7 Gateways allow integration with existing Identity and Access Management (IAM) systems including products from CA, IBM, Novell, RSA, Oracle and Microsoft.
The video tutorial at the bottom of this page explores the steps necessary to enable an OAuth 2.0 framework on an external identity provider. These steps include:
- Navigating to the grant type you wish to use within the OAuth Authorization Server v2.0 templates
- Creating a branch to allow either SiteMinder token authentication or a standard OAuth user challenge
- Navigating to the policy protecting the resource server
- Creating a similar branch to detect either a SiteMinder token or standard basic auth and using a comparison assertion to validate the scope of an existing token