I am trying to integrate with Single Sign-On for the first time with the API Gateway.
What are the steps? Are there any prerequisites that I need to accomplish prior?
I have already installed the Siteminder SDK referred from the Release Notes 9.3, moved that file to my /home/ssgconfig directory on the Gateway's shell. Then on the Policy Manager was able to go to Tasks > Extensions and Add-Ons > Manage Solution Kits and import the Siteminder .sskar file and resolve the conflicts for post-installation tasks. I have also added the fields to my system.properties file:
org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE = true
Are there other tasks I need to do before I continue?
Do I just need all the information on the CA SSO side for configuration and validating that it works? Like for instance, the configuration when I apply an assertion relating to SSO i.e. the Check Protected Resource Against CA Single Sign-On assertion when it prompts for:
- Configuration Name
- Protected Resource
- Server Name
- Source IP
- Prefix Variable
Please let me know! Or would trying SSO with API Portal be an easier task to integrate?
For those parameters you mentioned, in "Check Protected Resource Against CA Single Sign-On " yes you will need all of them.
They have specific meaning to the CA Single Sign On application,
For a sample working SSO integration you could pick up the policy attached to :
Integrating APIM Gateway with CA Single Sign-On - adding a grace time for updating SMSESSION cookie.
that would show most of those variables in context, and give an idea where to get them.
The documentation does described the steps for adding the default SSO setup and assertions, as well :
Authenticate Against CA Single Sign-On Assertion - CA API Gateway - 9.3 - CA Technologies Documentation
Working with CA Single Sign-On - CA API Gateway - 9.3 - CA Technologies Documentation
Integration via API Gateway assertions is the normal process, I have not see an integration via API Portal.
Cheers - Mark
Did the answers on this thread answered your question? If it did please mark it as the right answer.When your question is not answered or you still have additional questions please let us know.
With Kind RegardsDirk