To me it seems like SAML 2.0 is on its way out and Oauth2 will be more common form of federation single sign-on. We have been using SAML for federated SSO with dozens of our business partners, but lately we are getting demands from our new business partners for Oauth2 as the federated SSO method rather than SAML.
We are in the process of upgrading our SiteMinder r12.0 systems to r12.52 and one of the main driver of this effort is to take advantages of the Oauth2 support that comes with r12.52. I struggled a bit trying to build out our r12.52 policy servers and had some good help from folks here at CA Community, which now provides us with a SiteMinder r12.52 environment to play with but I don't really know much about Oauth!
I feel quite comfortable with SAML and how to set SiteMinder up as both a SAML IDP and SP, but my goal now is to learn how to setup a test Oauth2 using our new r12.52 as the Oauth local client authenticating with my google account. I found several documentations out there that shows me how to setup SiteMinder Oauth2 authentication scheme with social media, but what I am trying to accomplish at this point is to learn how to setup SiteMinder so that SiteMinder acts as the Oauth authenticating server (SAML IDP) and request access to my Google account resource via Oauth (SAML SP). Once I figure out how to do this then eventually we will do the same with our business partners.
So for folks out there that had already worked with Oauth2 using SiteMinder r12.52, I would very much appreciate any advise you can provide and if you can point me to any resources where I can learn to start with a basic Oauth2 implementation such as setting up SiteMinder to talk to Google or Facebook account then that would be very helpful.
Thank you in advance!
Hi Duc Tran,
You can check following documentation on OAuth
Configure an OAuth Authentication Scheme - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation
There is some reference I made to communities some time ago when configure with Facebook as below:
Quick tip on Register an Application with an OAuth Provider (Facebook)
Hope this helps.
but what I am trying to accomplish at this point is to learn how to setup SiteMinder so that SiteMinder acts as the Oauth authenticating server (SAML IDP) and request access to my Google account resource via Oauth (SAML SP).
Siteminder is not supported act as Oauth server.
There was idea submitted as below.
CA SSO OAuth Authorization Server
Product management is in the process to put this as one of the future feature but has no timeline yet.
Hi Kar, thank you for the quick response.
But WOW... this is a major blow to our organization. This is a serious show stopper. I will do some more investigation into this and contact our CA account rep, but this is VERY disappointing.
But again, thank you for taking the time to respond, Kar.
We reached out to our CA account representative and they confirmed that the latest version of SiteMinder r12.52 indeed, does not support generating of the Oauth token like you said. They did mentioned that it is likely that the r12.7 release "might" have this capability when it is released early 2017.
Again, thank you for taking the time to respond.
Thanks for your update.
Yes, I did check with product manager and understand that we plan to support this in future release but no timeframe nor version provided yet.