Layer 7 Access Management

What you may have missed in the CA Security Communities! November 2017 

12-20-2017 04:14 PM


Dear CA Securities Community Member,


With so much going on in the Security Communities, I have consolidated recent activities in case you missed anything.





CA Single Sign-On Roadmap Session – January 16th 1:00PM ET 

CA Single Sign-On Roadmap Session – January 17th 9:00AM ET 


CA Identity Suite Roadmap Session – January 10th 10:00AM ET 


CA PAM Roadmap Session – January 16th 11:00AM ET 

CA PAM Roadmap Session – January 16th 5:00PM ET 




CA Single Sign-On Community Webcast - CA SSO and NGINX Demonstration – November 28th 

NGINX+ is a rapidly growing web platform in use by many organizations today. To secure applications running inside NGINX+, CA SSO can use the OpenID Connect protocol to enable access control of and single sign-on to NGINX+ platform. Using federation standards like OpenID Connect can provide a lighter weight “agentless” integration method suitable for many organizations. 

This integration is a key part of the CA SSO demo that will be shown at CA World. This webinar will provide the ability to see this integration in detail for those that did not attend CA World, or for those that did attend but want to get a closer look.


Presented by Tommy Cheng, Sr Principal Engineering Svcs Architect, Aaron Berman, Sr Advisor Presales and Liam Crilly, NIGIX Product Manager


Replay - CA Single Sign-On Community Webcast - CA SSO and NGINX Demonstration – November 28th 




CA PAM Community Webcast - Recent Developments in CA PIM – November 29th

Recent Developments in CA PIM


CA’s Privileged Identity Manager (PIM) has recently released an updated version, and development is currently underway for future improvements. Join us for an update from CA Product Management on the progress of PIM.


Presenter: Nick Groh is Sr. Principal of Product Management across the CA Privileged Access Management portfolio.


CA PAM Community Webcast - Recent Developments in CA PIM – November 29th 

PIM Update 11-29-17 





CA Security

   Security at CA World: Services and Education Insights 


   New option to change the definition of 'reviewed' in the iConsole Standard Search 

   The European General Data Protection Regulation (GDPR) 

   GA Announcement of CA Directory r12.6 Service Pack 4 

   CA-Directory-Getting to know Directory 

   Example for defining a load share group in CA Directory 


   Watch Replays of the CA World '17 Keynotes 

   Identity Suite vApp - IP & IG Deployment Model with external database (MS-SQL) 

   vApp IG & IP - Missing Configuration for External Database 

   IP & IG vApp External IAMCS Configuration 


CA Identity Service (IDaaS)

   Announcing the Thursday November 9th 2017 CA Identity Service Update 


CA Single Sign-On

   Tech Note : Enable httpclient logging in Access Gateway 12.7 

   Tech Tip : CA Single Sign-On :: Policy Server::An agent change key command was received that contained a set of null keys 

   A Primer on CA SSO REST APIs for Migrations and Upgrades 

   Tech Tip : CA Single Sign-On ::What information is stored in the SMSESSION Cookie 

   Tech Tip : Howto enable Tracing in Access Gateway (fka: Secure Proxy Server) 

   Tech Tip: Access Gateway (formerly Secure Proxy Server) - Links to useful articles 

   Tech Tip : CA Single Sign-On : Can access existing session from different browsers after Session Assurance setup 

   SAML Assertion plugin – Moving CA SSO protected applications to the Cloud 

   Tech Tip - CA Single Sign-On:Federation: How to Integrate Amazon Web Services (Service Provider) with Siteminder (Identity Provider) [1] 

   Tech Tip : CA Single Sign-On : SMREASON not set correctly when Administrator Forces user to change Password 

   Tech Tip : CA Single Sign-On : Unable to cleanup submitted task in Adminui 

   Tech Tip : CA Single Sign-On : MaxSessionCacheSize ACO parameter is not working as expected 

   Tech Tip:How to enable trace logging in SSO (aka Siteminder) Webagent 

   Tech Tip : CA Single Sign-On : Error# '85' during search: 'error: Timed out' in Sharepoint Roles with large amount of users 

   Tech Tip : CA Single Sign-On : When trying to create an affiliate domain in FSS UI we cannot as it fails with a popup: "Permission to modify this object was denied." 

   Tech Tip : CA Single Sign On : AdminUI Login Flow 

   Tech Tip : CA Single Sign-On : How the realm idle timeout enforcement is applied to login pages? 

   Tech Tip : CA Single Sign-On : smauditimport tool is failing to import access log into MS SQL Database 

   Tech Tip : CA Single Sign-On : Policy Server fails to generate metrics/statistics for APM user store that is configured in a directory mapping 

   Tech Tip : CA Single Sign-On : Auditlog Rollover does not work 

   Tech Tip : CA Single Sign-On : No default value applied for features configuration in Policy Server Configuration Wizard 


   Tech Tip : CA Single Sign-On : After unlocking a user account, Policy Server fails to allow the user to log in to the application in the first attempt 

   Tech Tip : CA Single Sign-On : Long assertion being truncated on Policy Server 

   Tech Tip - CA Single Sign-On:Policy Server: smmigratecds AES decryption failed 

   Enabling an SSL connection to a CA Directory policy store 

   Workaround to register an admin UI with multiple policy servers 

   Tech Tip : CA Single Sign-On : On which version will the 12.52SP1 Agent for JBoss be certified for JBoss 7 ? 

   Tech Tip : CA Single Sign-On : FSSUI returns error 55 

   Tech Tip : CA Single Sign-On : Policy Server backend CA Directory Session Store over SSL reports error : "SSL3 alert read: fatal: bad certificate" 

   Tech Tip : CA Single Sign-On : OneView Monitor write tons of logs lines permanently in Tomcat stdout logs 

   Tech Tip : CA Single Sign-On : XFrameOptions isn't honoured in Secure Cloud 1.55 

   Tech Tip : CA Single Sign-On : Starting ERP Agent for SAP, this one complains that the license isn't valid : Invalid license for product SmWebAsAgent 

   Tech Tip : CA Single Sign-On : AdminUI returns error "Error: No registration on file." 

   Question: I'm looking for specific libraries for a Custom Agent, and I'd like to know in which package I can get the libraries below. Could you provide a package which includes the adequate libraries for Sparc Solaris 10 64bit ?  libicui 

   Tech Tip : CA Single Sign-On : Policy Server 12.6 64bit has still Environment Variable related to 32bit libraries 

   Integration - SM + SOI + EEM 

   Tech Tip : CA Single Sign-On : Disabled User doesn't get Authorized as it was in Policy Server 6 

   Tech Tip : CA Single Sign-On : Policy Server reports "Failed to write audit log record. Record dropped" lines 

   Tech Tip : CA Single Sign-On : CA Access Gateway (SPS) UseHTTPOnlyCookies available for Federation Session Cookies 

   Tech Tip : CA Single Sign-On : Web Agent returns "CredentialManager returned SmFailure, end new request" when processing Kerberos Authentication Scheme 

   Tech Tip : CA Single Sign-On : The Java Policy Management Method SmPolicyApi.getAgent() fails to get a specific Agent 

   Tech Tip : CA Single Sign-On : The Policy Server start-all command fails intermittently to execute completely 

   Tech Tip : CA Single Sign-On : Starting Web Agent with OHS, this one shuts down some seconds after having started successfully 

   Tech Tip : CA Single Sign-On : Policy Server reports "Bad search filter" error when the operator TRANSLATE is in use in a Response 

   Tech Tip : CA Single Sign-On : How to implement ODBC LoadBalancing for User Store 

   Tech Tip : CA Single Sign-On : Configuring a Cookie Provider, once user has logged in first domain, it's asked to enter credentials for the second domain again. 


CA Identity Management

   Install Provisioning Server but installer says missing Directory version 

   How to troubleshoot Connector Server 

   JasperReport Server 6.3 install on RHEL 7.2 with Oracle 12c 

   JasperReport Server 6.2 Install on Windows 2012 with Integration with CA Identity Manager 12.6.8 

   Creating a Unix Account with specific UID 

   CA Identity Manager 12.6.x and below: Steps to Resolve OOTB Provisioning Certificates that expired on 6th Oct,2017 

   Tech Tip - CA Identity Portal: Checkbox or Radio Buttons? 

   Tech Tip - CA Identity Portal: User data does not appear on search results 

   Tech Tip - CA Identity Manager: Policies Xpress are not being processed 

   CA Identity Suite 14.x Upgrade Page 

   CA Identity manager AD end point to change from One AD to another AD(different forest than the first AD) 

   Nov 25, 2017 certificate expiration 

   Using MS Excel to validate your feed 

   Deploy a vApp Sandbox with Production TDM Data 

   TDM (Test Data Management) with CA Identity Suite/vApp 


CA Privileged Access Management

   PAM not able to verify or change the password of Linux account 

   Tech Tip - CA Privileged Access Manager: Socket Filter Agent Monitoring 

   Tech Tip - CA Privileged Access Manager: Transparent Login fails with Java application 

   Tech Tip - CA Privileged Access Manager: CAPM 2.8.3 or 2.8.4 upgrade can cause problems with Thales HSM integration 

   Tech Tip - CA Privileged Access Manager: Root account fails to update other accounts password if not in sudoers file 

   General Availability Announcement for CA Privileged Access Manager v2.8.4 

   Tech Tip - CA Privileged Access Manager: Windows Registry usage by PAM client 

   Tech Tip - How to configure PAM for Smart Card authentication 

   Tech tip - CA Privileged Access Manager: Troubleshooting for "Group names not specified" during account discovery 

   Tech Tip - CA Privileged Access Manager: Access to NetApp devices 

   Tech Tip:  Identifying the various PAM hardware appliances. 

   Tech Tip:  Configuring PAM to Manage Passwords for Scheduled Tasks on a Windows Server. 

   Tech Tip:  RSA not working 

   Tech Tip:  Unable to Apply a License Without Threat Analytics 

   Tech Tip:  Deploying a PAM Management Console 

   Tech Tip:  Unable to apply a license without AWS 

   Tech Tip:  Scanning Ports Used by PAM Clustering 

   Top Ten Knowledge Base Articles published for CA Privileged Access Manager (since 1st April 2017 to 4th October 2017) 

   Tech Tip:  Something to check if RSA Authentication is sometimes slow 

   PAM 3.0.1 Adding Cert killed VM NIC 




Community Manager, Agile Management and Security Communities


0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.