Layer7 API Management

Expand all | Collapse all

Calling Register CA SSO Configuration via Script after migrating

  • 1.  Calling Register CA SSO Configuration via Script after migrating

    Broadcom Employee
    Posted 10-16-2018 06:30 PM

    I have migrated all the policies and CA SSO configuration also onto a new environment via GMU command line scripts.  However, the CA SSO Assertion from API Gateway on the new environment fails.

     

    Then I had to manually open CA SSO Configuration and click on Register button and hit OK button again in the subsequent dialog box, then only the CA SSO Assertion started working.

     

     

    Why Registering CA SSO Configuration manually is needed after the policy migration?

     

    If it is a must, then is there a way to call Register  CA SSO Configuration via command line thru some service call to get this accomplished?

     

    Appreciate your inputs.



  • 2.  Re: Calling Register CA SSO Configuration via Script after migrating

    Broadcom Employee
    Posted 10-16-2018 06:51 PM

    I believe it's a required step, the "Register” is to register the CA SSO Agent on the gateway to the siteminder policy server. The settings on SSO server side needs to be correct to make the integration work.

    The GMU only makes the changes on gateway side.

     

     



  • 3.  Re: Calling Register CA SSO Configuration via Script after migrating

    Broadcom Employee
    Posted 10-17-2018 08:47 AM

    Thanks for your Reply.

     

    Well, then there is no automation possible when we deploy the changes to the next environment for the first time?



  • 4.  Re: Calling Register CA SSO Configuration via Script after migrating

    Posted 10-17-2018 11:23 AM

    Is it possible to run the smreghost (command line utility that is part of the Siteminder SDK) and then subsequently import the SMHost.conf file that is generated by that command into the API Gateway? 



  • 5.  Re: Calling Register CA SSO Configuration via Script after migrating

    Broadcom Employee
    Posted 10-19-2018 11:01 PM

    The register process does use the smreghost command but we stored it into our database tables so the smhost.conf will not port through to the table. You can try to use the restman command outlined on the local online documentation to create a new configuration: https://<GW FQDN>:8443/restman/1.0/doc/restDoc.html#1.0/siteMinderConfigurations 

     

    Once the new one is created then you can map it using GMU for the migration from the other system.

     

    Sincerely,

     

    Stephen Hughes

    CA Support