Symantec Access Management

  • Private Community
 View Only

  • 1.  CA Single Sign-On WebAgent >= 12.6?

    Posted Apr 03, 2017 09:53 AM

    New release of CA Single Sign-On does not ship with an updated version of the WebAgent, but only with the latest CA Access Gateway (ex-SPS).

    There is no mention of the WebAgent component in the docs (e.g. the PSM), but I can find only that "the older 12.52 version is compatible with the new 12.6"; no information on a release for a 12.6 Agent.

     

    Is there a planned release of this component?

    Or it will be deprecated in the future in favour of the CA AG?

     

    Thank you in advance

    Regards



  • 2.  Re: CA Single Sign-On WebAgent >= 12.6?

    Posted Apr 03, 2017 06:55 PM

    Hi Enrico,

     

    For 12.6 version, we didn't ship with web agent as the major change is mainly on policy server and CA Access gateway come with 64 bit installer.

    Web agent already support 64 bit web server on 12.5x series so we are not included web agent in 12.6 release for this point of time. However, there might be possibility 12.6 will include web agent in future release.

     

    In 12.6 platform matrix (https://support.ca.com/phpdocs/7/5262/5262_12_6_platform-support.pdf), you can find following in section 4.1 Policy Server and Agents Compatibility

    ###

    Any 6.x versions of Web Agents, Access Gateways (previously called Secure Proxy Server), ERP Agents, ASA Agents, and 5.x versions of ERP Agents that are not beyond their end-of-service date do not support IPv6 or FIPS Mode (and can only connect to 12.6 Policy Server in FIPS Compatibility Mode).

    ###

    This means 12.6 policy server is backward compatibility to web agent.

     

    There is no plan to deprecate web agent in favor of CA AG.

     

    Hope this helps.

     

    Regards,

    Kar Meng



  • 3.  Re: CA Single Sign-On WebAgent >= 12.6?

    Posted Apr 04, 2017 01:46 PM

    "There is no plan to deprecate web agent in favor of CA AG."

     

    What about for "new" functionality and enhancements? Seems like WA + WAOP are ignored over CA Access Gateway (e.g., session assurance, OAuth Authorization Server [this is AG too in 12.7 I believe?]). Those of us who don't want the CA Access Gateway for various reasons (namely for me it was buggy / crashed a lot) are stuck.

     

    Would be nice for the WA + WAOP to get some love here to do something besides SAML/OAuth Consumer.



  • 4.  Re: CA Single Sign-On WebAgent >= 12.6?

    Posted Apr 04, 2017 08:56 PM

    Hi Chris,

    Thanks for your update. I agree "new" functionality and enhancement didn't get reflected in WA + WAOP. If you think new function or enhancement is needed in WA + WAOP, you can submit "Idea" under https://communities.ca.com/community/ca-security/ca-single-sign-on/content

     

    and product manager will review based on feedback from customer.

     

    Regards,

    Kar Meng