Symantec Access Management

Expand all | Collapse all

CA Single Sign On OpenID

Jump to Best Answer
  • 1.  CA Single Sign On OpenID

    Broadcom Employee
    Posted 05-18-2018 05:19 AM

    Hi, one of my customer  has a new requisite to work with OpenID Connect.

    I see that it is supported from CA Single Sign On from 12.7 but it requires  CA Access Gateway. 

    Which is the minimum version for CA Access Gateway to support OpenID Connect endpoints?

    It is enough to enable federation during CA Access Gateway installation to get the new endpoints available?

    Thank you

    Best Regards



  • 2.  Re: CA Single Sign On OpenID

    Posted 05-18-2018 07:50 AM

    Hi,


    If the SSO Version is 12.7, then your Access gateway version can be 12.7 or less than that,

     

    Regards,
    Ram,



  • 3.  Re: CA Single Sign On OpenID

    Posted 05-18-2018 08:48 AM

    Question : It is enough to enable federation during CA Access Gateway installation to get the new endpoints available?

    Answer : From a CA AG perspective yes, enabling federation during CA AG configuration process is enough to have the new endpoints available. Additionally I'd recommend enabling SSL (https) on CA AG apache layer.



  • 4.  Re: CA Single Sign On OpenID

    Broadcom Employee
    Posted 05-18-2018 09:04 AM

    Hi, thank you for the reply, anyway i guess that CA Access Gateway must also be 12.7 or newer, anyway the required endpoint will not be deployed. Am i right?



  • 5.  Re: CA Single Sign On OpenID
    Best Answer

    Posted 05-18-2018 10:41 AM

    Correct it has to be R12.7 or Higher. My recommendation is to evaluate Customer use cases and then see if R12.7 suffices OR should we use R12.8 as it has much broader set of feature support for OIDC.