Layer7 Access Management

Expand all | Collapse all

CA SSO - Responses from SharePoint 2010

  • 1.  CA SSO - Responses from SharePoint 2010

    Posted 01-04-2017 09:32 AM
      |   view attached

    Dear all,


    We have integrated our CA SSO r12.52 SP2 with our SharePoint 2010 server. We need to add the following responses at our application.




    Is it possible to create the response as the following technote states for SM_USERGROUPS response? 

    If yes what are the Variables/Attribute Names for the other responses that we need? 


    Thank you in regards.

  • 2.  Re: CA SSO - Responses from SharePoint 2010

    Posted 01-05-2017 10:10 AM

    Firstly I am assuming you are using CA Agent for SharePoint and WSFED SSO for this Integration with SharePoint. If this is not the case please let know, because the below explanation is true for WSFED SSO using CA Agent for SharePoint.


    SM_USERGROUP is by default included by the Agent for SharePoint "ConnectionWizard". Furthermore, SM_USERGROUP is enhanced by the FMATTR tag, which separates the single string of groups into separate lines / diffferent tags. Thus enabling SP (SharePoint) to identify all the groups in different lines. The ConnectionWizard is a utility shipped within the Agent for SharePoint Installation.

  • 3.  Re: CA SSO - Responses from SharePoint 2010

    Posted 01-24-2017 11:54 AM

    There is no R12.52 SP2 Agent for SharePoint 2010/2013, so it is unclear what Single Sign On Agent you have installed in the environment protecting the SharePoint Server.


    With that being said, Single Sign On Authentication/Authorization "Responses" are "Responses" regardless if this is an Agent for SharePoint or not protecting the SharePoint Server.


    As stated by Dennis, the SM_USERGROUP is a special attribute to return all groups the authenticated/authorized user is a member of, and it would not be used to return other response values.


    Please refer to the following link which documents Single Sign On Responses;


    Responses and Response Groups - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation 


    You can define what ever name is required per response, and return what ever LDAP attribute (Database field) value is needed in the response header.

  • 4.  Re: CA SSO - Responses from SharePoint 2010

    Posted 02-01-2017 07:16 PM

    As a correction...the special attribute to return a user's Group Membership with SiteMinder is "SM_USERGROUPS" not "SM_USERGROUP".  I would also like to point out that if using "Nested Groups" in the SiteMinder environment, the attribute would be "SM_USERNESTEDGROUPS" to return all groups including the Nested Groups that a user is a member of.