Symantec Access Management

Tech Tip : CA Single Sign-On : Hashing Algorithm

  • 1.  Tech Tip : CA Single Sign-On : Hashing Algorithm

    Posted 10-11-2018 02:58 AM

    Question:


    I'm running a SPS and I'd like to know if CA Access Gateway (SPS)
    offers support for Hashing algoritm to authenticate with User +
    Password in Hashing format ?

     

    Answer:

     

    CA Access Gateway (SPS) Authentication and Authorization Web Services
    support login and blogin on SOAP and REST request, which aren't in
    Hashing algorithm format unfortunatly :

    Configuring the Authentication and Authorization Web Services

    These web services support the SOAP 1.2 protocol and the HTTP-based
    RESTful architecture using the POST method. The authentication and
    authorization web services provide the following functionality:

    login -- Authenticates and returns a session token when the
    authentication is successful.

    Note: If the Enable User Tracking option is enabled, the response
    contains an identity token additionally.

    blogin -- Authenticates and verifies whether the login is successful;
    does not return a session token.

    logout -- Logs out the user or group
    of users.

    authorize -- Returns an authorization status message and a
    refreshed session token.

    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/ca-access-gateway-configuration/configuring-the-authentication-and-authorization-web-services

    As such, there's no Hashing Algorithm supported inside these Web
    Service. The only encoded way to pass credentials is to use a
    certificate as login.

     

    What is the Purpose of <binaryCreds></binaryCreds> from Body Section in SPS WS Auth/AZ ?
    https://comm.support.ca.com/kb/what-is-the-purpose-of-binarycredsbinarycreds-from-body-section-in-sps-ws-authaz/kb000013831

     

    In order to get the CA Access Gateway (SPS) enhanced to support
    Hashing Algorithm for login or blogin in Authentication and
    Authorization Web Services, please open an Idea on the Security Page.

     

    KB : KB000117358