Layer 7 API Management


How can we integrate the CA API Gateway with PingFederate for SSO

  • 1.  How can we integrate the CA API Gateway with PingFederate for SSO

    Posted 03-07-2017 02:01 PM

    Hello All

    I would like to ask here for any experience and documentation related to the integration between the CA API Gateway and PingFederate for SSO. The product documentation says that it can integrate with many IdPs and SSO solutions; however, I cannot see any details on how to do it, just general information about the initial configuration.

    Per different talks we have had, this has to be done using assertions. I'm looking for guidelines on that.

    Thanks in advance.



  • 2.  Re: How can we integrate the CA API Gateway with PingFederate for SSO

    Posted 03-08-2017 01:38 PM

    Not a complete solution, as we're also trying to achieve this, but my guess is this is something to do with OTK, as there is already a placeholder in it to interface with CA SiteMinder, in the "OTK User Authentication" fragment.

    But yes, for sure I would also like some guidelines in order to achieve this integration.



  • 3.  Re: How can we integrate the CA API Gateway with PingFederate for SSO
    Best Answer

    Posted 03-14-2017 12:08 PM

    Hi,

    A little more information. We are able to interface with the PingFederate STS endpoint.

    Pretty simple in fact, too bad there is a lack of CA documentation on how to interface with major players in town...

    On the Ping side, have a profile created for your API Gateway (it will be used in the RST SOAP Issue request as the "AppliesTo" field).

    • 1st assertion builds the SOAP request skeleton (Type: Issue, Issuer being the Ping STS endpoint, AppliesTo described above).
    • 2nd assertion basically adds username+password (Check Include Password, Include Created, BinarySecToken).
    • 3rd applies the 2nd and encapsulates it in a wssec (check Remove and recreate, Use MustUnderstand, Omit actor, Apply WS-Security, Use default Certificate).
    • last one actually routes the request to the PingFederate STS endpoint (method POST, request src = requestBuilder.rstRequest).

    Now, it should be pretty easy to integrate it into, let's say, "OTK Client authentication". Still a WIP here.
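
Added example (not part of the thread, and not CA or Ping code): the message that the four assertions in the best answer produce, an RST Issue request carrying a WS-Security UsernameToken, built in Python so it can be compared with what the gateway sends. SOAP 1.1, the WS-Trust 1.3 namespaces, the PasswordText type and the function names are assumptions; the https check is there because the password sits unencrypted inside the envelope.

```python
import xml.etree.ElementTree as ET
import urllib.request
from datetime import datetime, timezone

# Assumed versions: SOAP 1.1 and WS-Trust 1.3; match what your STS is configured for.
NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_rst(applies_to, username, password, created=None):
    """Return the RST envelope as bytes (hypothetical helper, steps 1-3 of the answer)."""
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    env = ET.Element(q("s", "Envelope"))
    header = ET.SubElement(env, q("s", "Header"))
    # Steps 2-3: username, password and Created inside wsse:Security, mustUnderstand set
    sec = ET.SubElement(header, q("wsse", "Security"), {q("s", "mustUnderstand"): "1"})
    tok = ET.SubElement(sec, q("wsse", "UsernameToken"))
    ET.SubElement(tok, q("wsse", "Username")).text = username
    ET.SubElement(tok, q("wsse", "Password"), {"Type": PASSWORD_TEXT}).text = password
    ET.SubElement(tok, q("wsu", "Created")).text = created
    # Step 1: the request skeleton, Type Issue plus AppliesTo (the profile created on Ping)
    body = ET.SubElement(env, q("s", "Body"))
    rst = ET.SubElement(body, q("wst", "RequestSecurityToken"))
    ET.SubElement(rst, q("wst", "RequestType")).text = NS["wst"] + "/Issue"
    epr = ET.SubElement(ET.SubElement(rst, q("wsp", "AppliesTo")), q("wsa", "EndpointReference"))
    ET.SubElement(epr, q("wsa", "Address")).text = applies_to
    return ET.tostring(env, encoding="utf-8")

def sts_request(sts_url, envelope):
    """Step 4: prepare (not send) the POST to the STS endpoint."""
    # PasswordText is readable by anyone on the path, so refuse plain http.
    if not sts_url.lower().startswith("https://"):
        raise ValueError("STS endpoint must be https")
    return urllib.request.Request(
        sts_url, data=envelope, method="POST",
        headers={"Content-Type": "text/xml; charset=utf-8"})
```

Passing the returned request to `urllib.request.urlopen` sends it; the STS answers with a RequestSecurityTokenResponse whose issued token the gateway policy would then consume.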