Layer7 Access Management


CA SSO as SAML 2.0 Service Provider

  • 1.  CA SSO as SAML 2.0 Service Provider

    Posted 06-13-2018 09:55 AM

    Hello!

    Just wanted to know if someone can direct me to steps on how to configure CA SSO as a service provider. We have created a local IDP, remote SP and the connection, but are not entirely sure how to proceed. It would be great to get some detailed steps.

     

    Thanks!

    Lalitha



  • 2.  Re: CA SSO as SAML 2.0 Service Provider

    Posted 06-13-2018 10:04 AM

    Refer to this video: CA SiteMinder® Federation Demo - YouTube

    Since CA SSO is the Service Provider, on the CA SSO end we would create a Local SP, a Remote IdP and a SAML 2.0 SP-->IdP Partnership (exactly the reverse of what you have described, i.e. "We have created a local IDP, remote SP and the connection").

     

    Start by Creating Entity Objects

    Entity-1 : Local SP CA SSO

    Entity-2 : Remote IdP (You can import IdP's Metadata)

     

    Move ahead with Partnership

    SAML 2.0 SP --> IdP Object from the Drop-Down in Partnership.

     

    These are just the WAMUI objects and the WAMUI side of the configuration (Policy Server and Policy Store). I am hoping you have completed the necessary prerequisite installs on WA-WAOP or CA Access Gateway, which would act as the front end (hosts all the endpoint URLs).



  • 3.  Re: CA SSO as SAML 2.0 Service Provider

    Posted 06-13-2018 10:12 AM

    Hi,

    Sorry, I have created a remote IDP and local SP but have typed it wrong here.

    Should we also create a SAML 2.0 Authentication scheme? We are using partnership federation.

    Will local SP, remote IDP and the connection suffice?

    Thanks,

    Lalitha



  • 4.  Re: CA SSO as SAML 2.0 Service Provider

    Posted 06-13-2018 10:14 AM

    No need to create the SAML 2.0 Authentication Scheme. That was the old model using Legacy Federation.

     

    In Partnership Federation there are 3 mandatory objects...

    A. Entity - IdP (Remote or Local; based on the Role Local IdP or Remote IdP).

    B. Entity - SP (Remote or Local; based on the Role Local SP or Remote SP).

    C. Partnership (where we link both entities, i.e. IdP to SP or SP to IdP, based on the flow).

    D. Optional for PoC (but recommended / mandatory for Test / Production ENV): X509 Certificates for Signing / Encryption. Refer to X509 Certificate Management in WAMUI.



  • 5.  Re: CA SSO as SAML 2.0 Service Provider

    Posted 06-13-2018 10:06 AM

    Hi Lalitha,

     

    Refer: how to configure SSO as an SP

     

    Regards,

    Leo Joseph.