Symantec Access Management

  • 1.  Siteminder SmWalker for fine grained authorization

    Posted Jun 29, 2018 03:37 AM

    Team,

     

    We have to propose a fine-grained authorization tool to the client, therefore we are looking for documentation for SmWalker for SiteMinder, but unfortunately couldn't find it on the CA site. Can anyone help me with pointers to the SmWalker documentation in order to understand how it works?

     

    Quick response is appreciated. 

     

    Thanks,

    Shivam



  • 2.  Re: Siteminder SmWalker for fine grained authorization

    Posted Jun 29, 2018 04:11 AM

    Hi Shivam,

     

    https://www.ca.com/content/dam/ca/us/files/service-offering/smwalker-for-ca-single-sign-on-overview.pdf 

     

    This is a Global Delivery Module and you need to contact your CA Account Manager.

     

    Regards,

    Leo Joseph.



  • 3.  Re: Siteminder SmWalker for fine grained authorization

    Posted Jun 29, 2018 05:00 AM

    Thanks Leo. 

    We can use the CA SSO SDK to implement the custom solution; therefore, how is SmWalker different from the custom solution using the CA SSO SDK?



  • 4.  Re: Siteminder SmWalker for fine grained authorization

    Posted Jun 29, 2018 09:02 AM

    Shivam smukhi

     

    SMWALKER documentation is available within the zip file which also has the binary. You can download the zip file from Global Delivery PWP site.

     

    https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-global-delivery-packaged-work-product-module-index.html

     

    Difference between CA SSO SDK Custom Solution and SMWALKER: Custom Solution is something that the customer owns / maintains / updates / tests and of course there is no additional licensing cost. SMWALKER is owned / maintained / updated / tested by CA (GD Team) and there is additional licensing cost.

     

    Having said the above, if your requirement is specifically doing fine grained authorization, i.e. you intend to play at the policy layer, have you considered using EXPRESSION within Policy to see to what extent that fulfills your requirements for fine grained authorization? The benefit here is that EXPRESSION is OOB included within the core CA SSO product and can be used within POLICY and RESPONSES.

     

    Operators - CA Single Sign-On - 12.8 - CA Technologies Documentation 

    Policy Expression Settings - CA Single Sign-On - 12.8 - CA Technologies Documentation 



  • 5.  Re: Siteminder SmWalker for fine grained authorization

    Posted Jul 01, 2018 03:11 PM

    Thanks, Hubert. 

    We tried using the policy expression option, but it looks like a multivalued attribute can't be used or compared in the policy expression tab. We got this confirmed by CA. 

     

    Also, can you point me to SmWalker module that is certified with CA SSO 12.8 on Windows 2016? 

     

    Thanks,

    Shivam



  • 6.  Re: Siteminder SmWalker for fine grained authorization

    Posted Jul 01, 2018 04:53 PM

    Hi Shivam,

     

    Checking the CA Single Sign-On Packaged Work Product Platform Roadmap

    https://support.ca.com/phpdocs/7/5262/5262_pkgd_work_product_platform_roadmap.pdf

     

    SmWalker for CA Single Sign-On Roadmap Date is on Jul 2018

     

    Also refer : XAuth RADIUS for CA SSO 12.8 

     

    Regards,

    Leo Joseph.



  • 7.  Re: Siteminder SmWalker for fine grained authorization

    Posted Jul 01, 2018 05:18 PM

    Shivam smukhi

     

    What is the use case? Could you elaborately echo that for me? We can play with multi-valued attributes using EXPRESSIONs, so I'd be eager to see what your use case is.

     

    Yes. With SMWALKER there is some added flexibility. Just wanted to be sure you are driving in the right direction.



  • 8.  Re: Siteminder SmWalker for fine grained authorization

    Posted Aug 13, 2018 12:50 PM

    We have a situation in a client where SMWALKER may be the solution. We already have an LDAP model for authentication and authorization in a TDS directory (IBM) and in the authorization we need a more complex search/validation.

     

    We need to do two LDAP queries on the authorization. One in a group and the result in the user. Return the groups that have a certain value in an attribute and, once they are returned, see if the user is a member of this group, but by looking at the memberOf attribute on the user instead of the member attribute of the group. This avoids a large volume of values in the member object group (issue for this client).
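
The two-query check described in post 8, as an added example that is not part of the original thread and is not SmWalker or CA SSO code. The directory is a constructed in-memory sample; the `businessCategory` attribute, the `groupOfNames` object class, the DNs and all function names are assumptions.

```python
"""Two-step group check: find groups by attribute, then test the user's memberOf."""

# Constructed sample directory (DN -> attributes); every name here is hypothetical.
DIRECTORY = {
    "cn=payments-admins,ou=groups,o=example": {
        "objectClass": ["groupOfNames"], "businessCategory": ["payments"]},
    "cn=payments-readers,ou=groups,o=example": {
        "objectClass": ["groupOfNames"], "businessCategory": ["payments"]},
    "cn=hr-admins,ou=groups,o=example": {
        "objectClass": ["groupOfNames"], "businessCategory": ["hr"]},
    "uid=alice,ou=people,o=example": {
        "objectClass": ["inetOrgPerson"],
        "memberOf": ["CN=Payments-Readers, OU=Groups, O=Example"]},
    "uid=bob,ou=people,o=example": {
        "objectClass": ["inetOrgPerson"],
        "memberOf": ["cn=hr-admins,ou=groups,o=example"]},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def group_filter(attr, value):
    """Filter for query 1 as it would be sent to a real directory server."""
    return "(&(objectClass=groupOfNames)(%s=%s))" % (attr, escape_filter_value(value))

def normalize_dn(dn):
    """Simplified DN normalization: lower-case, trim spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_groups(directory, attr, value):
    """Query 1: DNs of groups whose attribute holds the value (exact match only)."""
    return {normalize_dn(dn) for dn, entry in directory.items()
            if "groupOfNames" in entry.get("objectClass", [])
            and value in entry.get(attr, [])}

def user_groups(directory, user_dn):
    """Query 2: read only the user's memberOf, never the group's member list."""
    entry = directory.get(normalize_dn(user_dn), {})
    return {normalize_dn(dn) for dn in entry.get("memberOf", [])}

def is_authorized(directory, user_dn, attr, value):
    """Authorize when the user is in at least one group matched by query 1."""
    return bool(find_groups(directory, attr, value) & user_groups(directory, user_dn))
```

Both sides of the comparison are normalized because memberOf values and group DNs can differ in case and spacing; an unknown user or an empty match set yields a deny.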