Symantec Access Management

  • 1.  Integrating my SAML app with CA Siteminder

    Posted May 04, 2018 10:33 AM

    Requirement - Missing value to be added in the Name attribute of the PartnerIdentityProvider section of saml.config.

     

    While integrating my app with CA Siteminder I have used the below saml.config file:

     

    <PartnerIdentityProvider Name="NEED THE IDENTITY PROVIDER NAME"         
    SignAuthnRequest="true"
    WantAssertionOrResponseSigned="true"
    WantAssertionEncrypted="true"
    UseEmbeddedCertificate="true"
    SingleSignOnServiceUrl="https://api.security.com/passport/sp/gsaml/init?aid=60d857a4-8118-4027-99dd-daae2515163f"
    SingleLogoutServiceUrl="https://api.security.com/passport/sp/gsaml/logout?aid=60d857a4-8118-4027-99dd-daae2515163f"/> 

     

    The value for the "PartnerIdentityProvider" Name attribute was not provided as part of the "Enter Metadata Manually" section of the SP information tab under App -> Configure.

    Other info, like the "SingleSignOnServiceUrl" and "SingleLogoutServiceUrl" values, was provided, but without the IDP ID value, which goes as the value for the "PartnerIdentityProvider" Name attribute, the application would not run successfully.

     

    Can someone from the CA team help me with obtaining this value? I have received the other values required in the "PartnerIdentityProvider" section of the saml.config from the "Identity Provider Information" while configuring the App in the CA Site.

     

    Earlier, while configuring SAML using ADFS as the IDP, we had used the below URL as the value for the "PartnerIdentityProvider" Name attribute.

    http://**********.com/adfs/services/trust

     

    So we are looking for a similar trust URL for using CA Siteminder as the IDP.

     

    It would be of great help if I received that value, or was at least led in the direction wherein I would obtain this value.

     

    Regards,

    Amith



  • 2.  Re: Integrating my SAML app with CA Siteminder

    Posted May 04, 2018 01:37 PM

    When you create a Federation Partnership in CA Single Sign On (SiteMinder), the URLs you need will be displayed, along with a list of other details related to the Partnership, or via the Partnership SAML Metadata (after the partnership has been created).



  • 3.  Re: Integrating my SAML app with CA Siteminder

    Posted May 07, 2018 02:50 AM

    So if I am getting this right, you are saying that CA SSO is the IDP and you need the IDP ID and other URLs for CA SSO?

     

    Navigate to Federation --> Entities. Select the correct entity with:

    • Location= Local 
    • Entity Type = SAML2 IDP

     

    The next screen should list all the information you need for the CA SSO IDP:

     

     

    Hope this helps.

     

    Regards,

    Ujwol



  • 4.  Re: Integrating my SAML app with CA Siteminder

    Posted May 07, 2018 03:42 AM

    Thanks for the info Ujwol,

     

    The pics you showed seemed to provide the URL details for a licensed user.

    Can the same details be obtained while using a Trial License (Free Trial Account)?

     

    If yes, can you guide me to the steps to get the same details for a trial account user.

     

    As currently I have a free trial account in the CA Site and I have received all url details besides the “Base URL”, “Entity ID”, “Entity Name”.

     

    Thanks for your help in advance.

     

    Regards,

    Amith



  • 5.  Re: Integrating my SAML app with CA Siteminder

    Posted May 07, 2018 04:44 AM

    Hello Amith,

     

    If my understanding is correct, you can define any Entity ID (it can be your server name as well, or organisation name, etc.). It just uniquely identifies the IDP, but it should remain the same, as the SP uses the IDP Entity ID at their end.

     

    Entity Name is just a name to display in Admin UI.

    Base URL is the URL to the server on which the federation service has been defined, for example: https://BaseURL/affwebservice/public/sam2sso.

     

    Thanks

    Ankur Taneja



  • 6.  Re: Integrating my SAML app with CA Siteminder

    Posted May 07, 2018 07:30 PM

    Adding to what Ankur said, have you downloaded CA SSO, installed it, and configured an IDP local entity? If not, you will need to do that first. While creating the local entity you can specify ANY value for Entity ID and Entity Name.
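
Replies 2 and 5 point to the partnership SAML metadata and to the IDP Entity ID that the SP must use unchanged. The following is an added example, not part of the thread and not CA or ComponentSpace code: it reads the entityID and endpoints from IdP metadata and reports which PartnerIdentityProvider attributes in a saml.config fragment disagree with it. The metadata, the entityID `idp.example.test`, the host names and the function names are constructed for illustration.

```python
# Added example: constructed inputs, not taken from the thread or any product.
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed IdP metadata; entityID and hosts are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.test/affwebservice/public/saml2slo"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.test/affwebservice/public/saml2sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed saml.config fragment still carrying the placeholder Name.
SAMPLE_CONFIG = """<PartnerIdentityProvider Name="NEED THE IDENTITY PROVIDER NAME"
    SingleSignOnServiceUrl="https://sso.example.test/affwebservice/public/saml2sso"
    SingleLogoutServiceUrl="https://sso.example.test/other/logout"/>"""

def parse_idp_metadata(xml_text):
    """Return the IdP entityID and its advertised SSO/SLO endpoint locations."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("expected a single SAML 2.0 EntityDescriptor")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata does not describe an identity provider")
    locs = lambda name: {e.get("Location") for e in idp.findall(MD + name)}
    return {"entity_id": root.get("entityID"),
            "sso": locs("SingleSignOnService"),
            "slo": locs("SingleLogoutService")}

def check_partner_idp(config_xml, metadata_xml):
    """List the PartnerIdentityProvider attributes that disagree with the metadata."""
    md = parse_idp_metadata(metadata_xml)
    root = ET.fromstring(config_xml)
    # Match on local name so the fragment works with or without a namespace.
    partner = next(e for e in root.iter()
                   if e.tag.rsplit("}", 1)[-1] == "PartnerIdentityProvider")
    problems = []
    if partner.get("Name") != md["entity_id"]:
        problems.append(f"Name must be the IdP entityID {md['entity_id']!r}")
    for attr, key in (("SingleSignOnServiceUrl", "sso"), ("SingleLogoutServiceUrl", "slo")):
        if partner.get(attr) not in md[key]:
            problems.append(f"{attr} is not an endpoint listed in the metadata")
    return problems
```

For metadata that does not come from an IdP you administer, parse it with a hardened XML parser such as defusedxml rather than the standard library.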