Hi all, looking at CA Single Sign On download page
CA Single Sign-On Hotfix/Cumulative Release Index - CA Technologies
it seems that latest available release for webagent Option pack is 12.52 Sp1 cr08I have a customer running CA SSO 12.52 Sp1 Cr08 and he is planning to upgrade to 12.8
What about webagent option pack?
It seems to me that the latest features as OpenIdConnect and JWT auth schema are available only with CA Access Gateway.
What about customer that implemented Webagent Option Pack? is there a version of webagent agent option pack that make those new featuring availble?Thank youBest Regards
Below is the link to download the same :
SSO WEBAGENT OPTION PACK R12.52 SP01 CR08 [#2504]
SSO WEBAGENT OPTION PACK R12.52 SP01 CR08
I am sorry for the confusion,
You might have to use SPS for 12.8 ,
JSON Web Token (JWT) Authentication Scheme
CA Single Sign-On supports JSON Web Token (JWT) template as an authentication scheme to authenticate and authorize the protected resources by accepting the JWT. The authentication scheme requires CA Access Gateway or CA Single Sign-On SDK for implementation.
CA Single Sign-On as OpenID Connect Resource Server
CA Single Sign-On can act as an OpenID Connect Resource Server for web resources that are protected by the JWT authentication scheme. CA Single Sign-On accepts JWT that is generated by any OpenID Connect Provider. This feature requires CA Access Gateway.
New Features - CA Single Sign-On - 12.8 - CA Technologies Documentation
Release Comparison - CA Single Sign-On - 12.8 - CA Technologies Documentation
My question come out since customer currently use federation services deployed with webagent option pack and they do not have a plan to include new servers for CA Access Gateway in their environment. Of course they can continue to use the current features (SAML federation and so on) but is there a plan to make openidconnect endpoint available in webagent option pack also? or no way, the mainroad is to go for CA Access Gateway
As of now, we do not have any plan to release the webagent option pack, you might have to use SPS if you want to use the feature,
I would request you to raise an Enhancement Request / Idea about the same.
Please use the link below to file an enhancement request to include JWT support for Option pack 12.52 SP1 Next CR
Creating an ?Idea? (Enhancement Request) - CA Knowledge
Hi Rahme i opened an idea, please vote at the following link:
Web Agent Option pack enhancement
Voted up on the request, I will send it to our team also to Vote for it
Similar idea was here - CA SSO : Align WAOP with added features from CA AG.
As a customer I don't see it happening - at least not quickly even if it's ever decided to be done. We are planning a transition to the Access Gateway here because of things like that; waiting years for stuff - in the hope it even gets accepted - to get into the WAOP that's already in Access Gateway isn't feasible anymore. The SAML dynamic auth isn't even in the latest CR08 WAOP.
Short of it is, I'd at least consider an alternate plan if you really need something like OIDC sooner than later. If Access Gateway supports your existing servers, you can possibly re-use those systems to transition to it without having to spend more $ on new server builds and operations of them.
Might also be able to sell them on some of the other stuff too like Enhanced Session Assurance...So "hey we gotta retire our WAOP but if we can get Access Gateway folded in then you get OpenID Connect, Enhanced Session Assurance, session linking, etc", maybe doesn't seem as bad then.
PS - I've run the Access Gateway with a separate Web Agent installed on same server no problems. I know they say it's "not supported" but so long as you keep them on unique ports it hasn't been a problem yet from what I tested .