Symantec Access Management

  • 1.  CA SSO and JSON messages

    Posted Feb 22, 2016 10:55 PM

    We're planning to use SiteMinder to implement fine-grained access control (FGA) based on user's inputs to the web application. E.g. if creditLimit > 10K then authorised.

     

    To meet this requirement, we can create Form Post Variables and use them in SiteMinder policies. However, the web application is using JSON messages, NOT Form POST.

     

    Questions:

    1. Can we create variables for JSON messages in SiteMinder?

    2. Can SiteMinder enforce FGA for JSON messages based on user's inputs?

     

    Any advice is much appreciated.

     

    Thank you,

     

    MunFai



  • 2.  Re: CA SSO and JSON messages

    Posted Feb 23, 2016 08:30 AM

    Hi MunFai -

     

    While I do not have a specific answer to your question, I can tell you that we have a case open with CA support currently because the agents cannot handle JSON data when post preservation is invoked.  This may not impact you but just wanted you to know.

     

    Sam



  • 3.  Re: CA SSO and JSON messages

    Posted Feb 26, 2016 12:36 AM

    Hi Sam,

     

    Appreciate the note about that case.

     

    MunFai



  • 4.  Re: CA SSO and JSON messages

    Posted Feb 23, 2016 11:58 AM

    I would not mind PoC'ing at CA Layer7 Solution for this purpose. Use Layer7 and speak to CA SSO via Layer7.

     

    Regards

    Hubert



  • 5.  Re: CA SSO and JSON messages

    Posted Feb 26, 2016 12:38 AM

    Hi Hubert,

     

    It's an existing CA SSO customer. Layer 7 means additional license costs.

     

    MunFai



  • 6.  Re: CA SSO and JSON messages

    Posted Feb 26, 2016 10:20 AM

    That is correct, it is an additional license cost. However, if the development teams are driving towards API-based solutions (JWT, JSON), it makes sense to have a full-blown API-based security offering. I'd ideally look at short-term goals against longer-term organizational development goals.

     

    Not to mention the fact that it is not just Layer7; it is CA MAG (Mobile Access Gateway). It is Layer7 + mobile SDKs.



  • 7.  Re: CA SSO and JSON messages
    Best Answer

    Posted Feb 28, 2016 02:54 AM

    On the original post, CA SSO as of now does not have the capability to parse JSON messages.

    So,

     

    1. Can we create variables for JSON messages in SiteMinder?

    => No, it is not possible to create variables from a JSON message. Only FORM post is supported for variables.

     

    2. Can SiteMinder enforce FGA for JSON messages based on user's inputs?

    => No

     

    I would encourage you to create an idea for this.



  • 8.  Re: CA SSO and JSON messages

    Posted Mar 02, 2016 04:06 AM

    I suggest you vote on this enhancement request:

    https://communities.ca.com/ideas/235730013?forceNoRedirect=true