Symantec Access Management

Siteminder oAuth SAML integration

  • 1.  Siteminder oAuth SAML integration

    Posted Sep 14, 2016 02:32 PM

    We already have a solution in place that uses legacy federation [resource partner] for authenticating users from on-premises AD to a home-grown .NET application.

    Now, we are planning to extend the capability by introducing OAuth [Facebook authentication].

    As part of the architecture, we are looking into a solution like this:

    1. User authenticates against Facebook.

    2. After authentication, send the token to the existing legacy federation [resource partner]'s STCS.

    3. Since the STCS from #2 is already configured with legacy federation, it allows the user to access the application.

    Is this a feasible approach from a SiteMinder perspective, or do we need to stand up 2 different solutions?



  • 2.  Re: Siteminder oAuth SAML integration

    Posted Sep 15, 2016 07:40 AM

    Hi Manju,

     

    As per my understanding, you have an existing legacy federation setup (WS-Federation) and it is acting as the Resource Partner.
    At the Resource Partner, a client, such as a WS-Federation Assertion Consumer, must be available to process the assertion. It can consume a RequestSecurityTokenResponse message and can use the assertion in the response to authenticate and authorize users.

    And now you are planning to extend the capability by introducing OAuth (Facebook Authentication).
    Are you going to replace the Account Partner with OAuth (Facebook Authentication), or do you still want to use that as well?

    As you know, if we use OAuth (Facebook Authentication), we get an OAuth token instead of a RequestSecurityTokenResponse, and the Resource Partner does not have the capability to consume an OAuth token. To consume an OAuth token, we should create an OAuth client-server partnership.

     

    Please find the runbook for Facebook IDP.
    https://support.ca.com/phpdocs/1/8231/runbooks/CASM-FacebookIDPFederationRunbook-ver1.pdf

     

    Thanks,

    Sharan



  • 3.  Re: Siteminder oAuth SAML integration

    Posted Sep 23, 2016 02:30 PM

    Yes, we want to have both up and running.



  • 4.  Re: Siteminder oAuth SAML integration
    Best Answer

    Posted Sep 26, 2016 11:26 AM

    Hi Manju,

     

    As informed before, if we use OAuth (Facebook Authentication), we get an OAuth token instead of a RequestSecurityTokenResponse, and the Resource Partner does not have the capability to consume an OAuth token. To consume an OAuth token, we should create an OAuth client-server partnership. Hence you can't use the existing legacy WS-Federation setup to consume the OAuth token, and you would need to create an OAuth client-server partnership.

     

    Please find the runbook for Facebook IDP.
    https://support.ca.com/phpdocs/1/8231/runbooks/CASM-FacebookIDPFederationRunbook-ver1.pdf

     

    Thanks,

    Sharan
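
The point made in the answer above, as an added example that is not part of the original posts and is not SiteMinder code: a WS-Federation consumer expects the posted `wresult` value to be a RequestSecurityTokenResponse carrying a SAML assertion, so an OAuth access token fails the structural check before any trust decision is made. The function names and sample values are hypothetical and constructed for illustration; signature and audience validation of the assertion are assumed to happen afterwards and are not shown.

```python
import xml.etree.ElementTree as ET

# WS-Trust and SAML namespace URIs; all other names in this block are hypothetical.
WS_TRUST_NS = {"http://schemas.xmlsoap.org/ws/2005/02/trust",
               "http://docs.oasis-open.org/ws-sx/ws-trust/200512"}
SAML_NS = {"urn:oasis:names:tc:SAML:1.0:assertion",
           "urn:oasis:names:tc:SAML:2.0:assertion"}

class UnsupportedToken(ValueError):
    """The posted value is not a WS-Federation RequestSecurityTokenResponse."""

def _is(el, namespaces, local):
    # ElementTree renders qualified names as "{namespace}local".
    ns, _, name = el.tag[1:].partition("}") if el.tag.startswith("{") else ("", "", el.tag)
    return ns in namespaces and name == local

def extract_assertion(wresult):
    """Return the SAML Assertion element carried in an RSTR, or raise UnsupportedToken."""
    if "<!DOCTYPE" in wresult or "<!ENTITY" in wresult:
        raise UnsupportedToken("DTD content is not accepted")
    try:
        root = ET.fromstring(wresult)
    except ET.ParseError as exc:
        # An OAuth access token (opaque string or JSON token response) stops here.
        raise UnsupportedToken("not XML, so not an RSTR") from exc
    # root.iter() also covers an RSTR nested inside a response collection wrapper.
    for rstr in (e for e in root.iter() if _is(e, WS_TRUST_NS, "RequestSecurityTokenResponse")):
        for holder in (e for e in rstr.iter() if _is(e, WS_TRUST_NS, "RequestedSecurityToken")):
            for child in holder:
                if _is(child, SAML_NS, "Assertion"):
                    return child  # structural match only; signature not yet verified
    raise UnsupportedToken("no RequestSecurityTokenResponse carrying a SAML assertion")

# Constructed sample inputs (not captured from any real deployment).
SAMPLE_RSTR = (
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    '<t:RequestedSecurityToken>'
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"'
    ' AssertionID="_constructed" Issuer="urn:example:account-partner"/>'
    '</t:RequestedSecurityToken></t:RequestSecurityTokenResponse>')
SAMPLE_OAUTH_TOKEN = "constructed-opaque-access-token"
SAMPLE_OAUTH_JSON = '{"access_token": "constructed-opaque-access-token", "token_type": "bearer"}'
```
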



  • 5.  Re: Siteminder oAuth SAML integration

    Posted Sep 28, 2016 03:00 PM

    Thanks, Sharan