CA Service Management


SDM SSO with EEM and Siteminder for other domain


  • 1.  SDM SSO with EEM and Siteminder for other domain

    Posted Apr 20, 2015 12:40 AM

    Hi all,

     

    My aim is to have SSO for EEM contacts. Let me explain my environment.

     

    My CA SDM server is located in abc.com domain

    EEM is configured with the xyz.com domain. I want these xyz.com people to have SSO when they access our CA SDM on their machines.

     

    I understood, this can be done by using CA Siteminder.

    So I installed CA Siteminder on a separate server and I created a User directory in Siteminder to point to the xyz.com Active Directory.

    I am able to view contacts of xyz.com people in Siteminder. Then I changed the User store configuration of EEM to point to the Siteminder User directory which I created.

    eemuserstore.png

    Now I am able to get xyz.com contacts in Manage Identities of EEM. Fine.

    Then, as per the doc below, I configured it in Siteminder:

    https://wiki.ca.com/display/eem1251/Integrating%20CA%20EEM%20with%20the%20SSO%20Server#

     

    After this, when I enable the option Enable SSO Server in EEM as below:

    ssoeem.png

    I am getting an error as below:

    errorsso.png

    Please help me on this. Appreciate you in advance

     

    Thanks,

    Saran

    https://in.linkedin.com/in/saravanakumarkcapgemini

    Mobile: +91 9972977877



  • 2.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted Apr 21, 2015 03:54 AM

    The specified item was not found.



  • 3.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted Apr 21, 2015 07:42 AM

    Hi Naveen,

     

    Thanks for your findings. I tried the results of the EEM community, which could not help me out in this regard.

     

    Have you done similar kind of SSO for EEM contacts who are from outside domain?

     

    Please help me out here.

     

    Thanks,

    Saravanakumar



  • 4.  Re: SDM SSO with EEM and Siteminder for other domain

    Broadcom Employee
    Posted Apr 21, 2015 05:04 AM

    Hi SaravanaKumar,

     

    Have you registered the SSO Server with EEM?

     

    SAP Portal Services

     

    Thanks,

    -Gopi



  • 5.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted Apr 21, 2015 07:38 AM

    Hi Gopinath,

     

    Thanks for your reply.

     

    Yes. I have done the steps as part of the steps I mentioned:

    https://wiki.ca.com/display/eem1251/Integrating%20CA%20EEM%20with%20the%20SSO%20Server#

     

    Have you done this same requirement?

     

    Thanks,

    Saravanakumar



  • 6.  Re: SDM SSO with EEM and Siteminder for other domain

    Broadcom Employee
    Posted Apr 22, 2015 07:30 AM

    Hi SaravanaKumar,

     

    Reference to Siteminder under User store and SSO Server have different usage.

     

    As per your requirement you would want to configure Siteminder as a User Store which has a connection to xyz.com.

    No need to configure SSO Server.

     

    Please refer to this section....

     

    https://wiki.ca.com/display/eem1251/How+to+Integrate+CA+SiteMinder+with+CA+EEM

     

    Thanks,

    -Gopi



  • 7.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted Apr 23, 2015 05:49 AM

    Hi Gopinath,

     

    Thanks for your correct direction.

     

    I followed the link you mentioned above.

    1. Create agent and user directory to pull contacts from the xyz.com domain - Working fine, showing contacts

    2. In EEM, configured Reference from Siteminder and I'm able to get users of xyz.com in Manage Identities

    3. I changed web authentication for the default Access type in CA SDM to EEM authentication and Allow external authentication

    From a client machine which is registered in xyz.com, if I log in with the Windows user credentials of one of the users in xyz.com and open the CA SDM portal and log in, it is not automatically logging in to CA SDM.

     

    But if I supply the username and password manually, it logs in.

     

    Can you please help me on how to get SSO for CA SDM from the above configuration?



  • 8.  Re: SDM SSO with EEM and Siteminder for other domain

    Broadcom Employee
    Posted Apr 23, 2015 08:12 PM

    What is the format of the userid being used to do SSO and what is the format of userid in ca_contact.userid for the same user?


    Assuming the access type for that user is set for External Authentication, the above two should match for SSO to work properly.


    _R



  • 9.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted Apr 23, 2015 08:49 PM

    Hi Raghu,

     

    The format of userid is casdmuser1 and external authentication is enabled for default access type. But SSO is not happening.

     

    Please help on this.

     

    Thanks,

    Saravana



  • 10.  Re: SDM SSO with EEM and Siteminder for other domain

    Broadcom Employee
    Posted Apr 24, 2015 09:33 PM

    The only other thing that you could check maybe (using browser debugging tools or something like Fiddler) is to see if an HTTP header http_remote_user is being passed with the appropriate userid of SDM.

     

    If it matches we should let the user in.

     

    pdm_logstat -f session.c verbose should also show these headers in the stdlogs. (I am not sure if trace is enough or verbose. That's why I am referring to use verbose.) Turn on, complete the tests and turn off immediately.

     

    To turn off, type pdm_logstat -f session.c

     

    That's it.

     

     

    Hopefully the logs will give some clues. You could raise a support ticket for the same too if that seems better.

     

     

    _R



  • 11.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted May 18, 2015 11:04 AM

    Hi Raghu,

     

    Thanks for your inputs.

     

    I enabled the trace for session.c.

    I am getting the logs as below:

    05/18 07:42:48.34 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_HTTP_REMOTE_USER=null
    05/18 07:42:48.34 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_REMOTE_HOST=192.168.137.8
    05/18 07:42:48.34 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_REMOTE_USER=null
    05/18 07:42:48.35 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_REQUEST_METHOD=GET
    05/18 07:42:48.35 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_SCRIPT_NAME=/CAisd/pdmweb.exe

     

    SSO is not happening either. I cannot create a support ticket for this. Please help me on this.

     

    Thanks,

    Saravana
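
An added example, not part of the thread and not CA's code: a small Python parser for the verbose session.c lines quoted in post 11 that pulls out the `ENV_*` values and reports whether an externally authenticated identity reached pdmweb and whether it matches `ca_contact.userid`, the check described in posts 8 and 10. The function names, the result labels and the exact-match comparison are assumptions made for illustration; the sample input is the log excerpt from the post.

```python
import re

# Sample input: the verbose session.c lines quoted in post 11.
SAMPLE_LOG = """\
05/18 07:42:48.34 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_HTTP_REMOTE_USER=null
05/18 07:42:48.34 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_REMOTE_HOST=192.168.137.8
05/18 07:42:48.34 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_REMOTE_USER=null
05/18 07:42:48.35 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_REQUEST_METHOD=GET
05/18 07:42:48.35 casdm001   web:local        2936 VERBOSE  session.c         4916 The parameter is not callback_func, ENV_SCRIPT_NAME=/CAisd/pdmweb.exe
"""

# Matches "... session.c <line> <message> ENV_NAME=value" as seen in the excerpt.
ENV_LINE = re.compile(r"session\.c\s+\d+\s+.*?\bENV_([A-Z_]+)=(.*)$")


def parse_env(log_text):
    """Return {name: value} for each ENV_* variable logged; 'null' becomes None."""
    env = {}
    for line in log_text.splitlines():
        m = ENV_LINE.search(line)
        if m:
            value = m.group(2).strip()
            env[m.group(1)] = None if value in ("", "null") else value
    return env


def diagnose(env, contact_userid):
    """Classify why external authentication would or would not match the contact."""
    supplied = env.get("HTTP_REMOTE_USER") or env.get("REMOTE_USER")
    if supplied is None:
        return "no-identity: neither REMOTE_USER nor HTTP_REMOTE_USER reached pdmweb"
    if supplied == contact_userid:  # assumption: exact string comparison
        return "match"
    # Strip DOMAIN\ and @domain decorations to separate a format mismatch
    # from a genuinely different user.
    bare = supplied.split("\\")[-1].split("@")[0]
    if bare.lower() == contact_userid.lower():
        return f"format-mismatch: got {supplied!r}, ca_contact.userid is {contact_userid!r}"
    return f"different-user: got {supplied!r}"


if __name__ == "__main__":
    print(diagnose(parse_env(SAMPLE_LOG), "casdmuser1"))
```

For the excerpt above the result is `no-identity`, which points at the web agent or web server in front of pdmweb not forwarding the authenticated user rather than at a userid format problem in SDM.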



  • 12.  Re: SDM SSO with EEM and Siteminder for other domain

    Broadcom Employee
    Posted May 18, 2015 11:37 AM

    I believe if the SM Agent Configuration Object is modified to pass HTTP_REMOTE_USER and REMOTE_USER with a value of the userid in question, that this would work.

     

    _R



  • 13.  Re: SDM SSO with EEM and Siteminder for other domain

    Posted May 21, 2015 02:34 PM

    Hi Raghu,

     

    I configured the ACO according to that. But it is not reflecting Remote_user.

     

    :(

     

    Regards,

    Saravana



  • 14.  Re: SDM SSO with EEM and Siteminder for other domain

    Broadcom Employee
    Posted May 21, 2015 05:55 PM

    This is definitely something that could use a webex session with a CA Siteminder expert. A support case might be needed to engage parties across the board.

     

    _R