Layer7 Access Management

Expand all | Collapse all

SSO for non-web applications

Jump to Best Answer
  • 1.  SSO for non-web applications

    Posted 03-05-2017 12:35 AM

    How to provide SSO for legacy non-web applications? Previously there was CA SSO (or ESSO) Client but it seems it was deprecated. One of the core applications is based on Oracle forms (thick client).



  • 2.  Re: SSO for non-web applications

    Posted 03-06-2017 12:43 AM

    Hi,

    Can you provide more information what do you mean by non-web application? What is the Oracle application that you try to integrate with?

    Not sure about ESSO, do you have reference inforamtion?

     

    Regards,

    Kar Meng



  • 3.  Re: SSO for non-web applications

    Posted 03-06-2017 02:23 AM

    Hi Kar,

    The application is an old one developed in oracle-forms, does not run in a browser.

    ESSO or SSO Client was the CA's solution for this kind of applications.

    Thank you, best regards.



  • 4.  Re: SSO for non-web applications
    Best Answer

    Posted 03-06-2017 12:47 AM

    You will probably need to use SDK to build a custom agent for your thick client.



  • 5.  Re: SSO for non-web applications

    Posted 03-06-2017 02:17 AM

    Hi Ujwol,

    This seems to be the unique option, I guess.

    But it would be a tricky one because the agent should be able to handle different applications' requests and also, ideally, it should provide password sync with IM. That's why the old CA SSO Client (ESSO) was so useful and flexible.

    I had (still have!) some expectations that another similar solution could be found.

    Thank you for your reply!

    Best regards



  • 6.  Re: SSO for non-web applications

    Posted 03-06-2017 06:50 PM

    Hi Paulo,

     

    I think you are referring to CA etrust SSO. This product has been deprecated and shouldn't confuse with CA SSO (used to be Siteminder). Siteminder was acquired by CA 10+ years ago while etrust SSO is CA home grown product.

     

    After reviewed following etrust SSO document, I believe you are referring to SSO client that run on end user workstation.

    https://supportcontent.ca.com/cadocs/0/g006742e.pdf

     

    As summary, CA SSO didn't have the client as what mentioned in etrust SSO. You can engage CA Services for the customization requirements

     

    Regards,

    Kar Meng

     

     



  • 7.  Re: SSO for non-web applications

    Posted 03-06-2017 07:10 PM

    Yes, that's right Kar Meng. CA eTrust SSO is what customer is referring to.

    There was an integration between CA eTrust SSO and SiteMinder which will allow user to SSO between these two product.

     

    From the eTrust SSO guide :

    "It is possible to use an SSO cookie to authenticate to SiteMinder protected
    resources. This requires your enterprise to be using eTrust SiteMinder (version
    6.0sp4 or greater), and for both SiteMinder and eTrust SSO to be pointing to
    the same LDAP datastore."

    http://search.ca.com/assets/SiteAssets/TEC430050_External/g007892e.pdf 

     

    Now , the question is given that we have deprecated eTrust SSO what are customer options here as for CA SSO (formerly CA SiteMinder) is limited to protecting only web based resources.



  • 8.  Re: SSO for non-web applications

    Posted 03-06-2017 11:13 PM

    Dears Ujwol and Kar Meng.

    You both are totally right. I was indeed referring to CA etrust SSO - now that I read your comments and inquired the attachment, I can confirm (maybe eSSO was a buzzword we used in a project years ago, I guess).

     

    As a conclusion - i believe you might agree - Ujwol raised the question properly and also provided the answer:

    • "Now , the question is given that we have deprecated eTrust SSO what are customer options here as for CA SSO (formerly CA SiteMinder) is limited to protecting only web based resources."
    • "You will probably need to use SDK to build a custom agent for your thick client."

     

    If you see any other options, please let me know.

     

    Thank you both very much. Best regards.

    Paulo