Layer7 API Management

  • 1.  OTK integration with Siteminder

    Posted Sep 18, 2020 01:44 PM
    We are looking for any documentation available to integrate OTK with Siteminder and use SMSESSION to generate a token.
    We would also like to understand how we can integrate OTK with different apps in the same Siteminder.


  • 2.  RE: OTK integration with Siteminder

    Broadcom Employee
    Posted Sep 21, 2020 09:31 AM
    Hello,

    Documentation for configuring OTK for authentication with Siteminder is found here:

    https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-4/installation-workflow/configure-authentication/support-optional-authentication-mechanisms.html





  • 3.  RE: OTK integration with Siteminder

    Posted Sep 21, 2020 10:39 AM
    Hi Stern,

    Thanks for your reply.

    I have tried this configuration, but I am still not able to understand how the authorization workflow will happen. How can we generate the authorization code using SMSESSION? Also, how can I configure this for multiple applications, i.e. use this configuration for different user directories and protected resources? The document seems to be very tightly coupled with one application.

    Please share some thoughts

    Regards
    Akshat


  • 4.  RE: OTK integration with Siteminder

    Posted Sep 22, 2020 01:51 AM
    Edited by Muzeer Vaseem Abdul Sep 22, 2020 02:09 AM
    Hello Akshat,

    Are you trying to configure SSO to get the Authorization Code or the Access Token?

    I think, if you already have the SMSESSION in the request, you can extract it, put it in a context variable, and use it in the below assertion (from the link Barry has given), i.e.,
    At least One
          - All
              - Compare smsession.variable is not empty
              - Use the "Authenticate Against CA SSO" assertion with "Use SSO Token from context variable"
          - All
              - Compare smsession.variable is empty
              - Get the username and password
              - Use the "Authenticate Against CA SSO" assertion with "Username / password" option

    So, when you consider the below OAuth Authorization Code Grant flow, at Step #3, you will have CA SSO authenticate the user, either with his credentials or with the token, and generate an Authorization Code. The rest of the flow should be normal to get the access token.

    Hope this helps.

    Thanks
    Vaseem




  • 5.  RE: OTK integration with Siteminder
    Best Answer

    Broadcom Employee
    Posted Sep 22, 2020 05:04 PM
    Hello Akshat,

    There are a few different approaches to using SMSESSION.

    When you say "generate the authorization code using SMSESSION", I am assuming what you are looking for is: if the request has an SMSESSION cookie, then instead of prompting the user with a login form, use the SMSESSION as the credential. One approach to this is adding logic to /auth/oauth/v2/authorize/login to determine if there is an SMSESSION present and then go directly to the login action instead of displaying the login form.


    Then you would need to modify the "OTK User Authentication extension" to enable the Siteminder integration block and configure it as Vaseem indicates to reference the SMSESSION as a context variable.

    You will also need to consider login to handle login failure in the event the SMSESSION cookie is invalid.