Symantec Access Management

  • 1.  CA SSO Service and identity provider

    Posted May 31, 2017 05:53 PM

    I want to do a small test setup for configuring 

    Configure CA SSO to act as a SAML 2.0 Identity Provider

    Configure CA SSO to act as a SAML 2.0 service provider

     

    Just thinking aloud how many boxes I will need?

     

    2 Policy servers - One to act as Identity Provider and one as Service Provider?

    Both need to be connected to the same policy store/user store?

     

    I have one policy server which has SQL Server as Policy Store. When I try to configure SAML Service Provider it does not show any affiliated domain. Looks like configuring user store from CA Directory or Active Directory is a must to move forward with Service Provider.

     

    Any advice will be very helpful and appreciated.



  • 2.  Re: CA SSO Service and identity provider
    Best Answer

    Posted May 31, 2017 07:39 PM

    To keep things clean, I prefer to have two isolated environments for my IDP and SP.

    So each IDP and SP will have their own Policy server/Policy Stores/User Stores etc.

     

    However, you can always use the same environment to act as both SP and IDP.