Symantec Access Management

Hi Team ,

I have successfully deployed and configured CA Siteminder web agent and integrated Liferay user store with CA SSO. Also , i have created  domain and realms accordingly for that. Now, when trying to integrate CA SSO with liferay , i am unable to find siteminder configuration window and after going through various articles i found liferay 7.x version only support Token based SSO authentication. How can i integrate the same using token based SSO integration ? 

I want to know, what is the configuration for token based SSO authentication and is there any other way for integrating liferay and SSO ?

It would be a great help if anyone can share some article or document regarding that .

Environment - CA SSO - 12.7 version

Liferay Eap 7.0 version

Please Help 

Thanks in advance

Regards

Girish Gandhi

Please refer this document - https://dev.liferay.com/en/discover/deployment/-/knowledge_base/7-1/token-based-single-sign-on-authentication 

Where to find Siteminder Configurations:

"Token based authentication is disabled by default. To manage token based SSO authentication, navigate to Liferay Portal’s Control Panel, click on System Settings, → Security → SSO. Token Based SSO appears in the list at the bottom. Alternately, you can search for Token in the Search field."

According to above document link - there are various token based options to integrate with SSO solutions. One of the Siteminder supported mechanism is "HTTP request header" based.

This is how your configuration should look like on LifeRay Portal:

Authentication cookies:  SMIDENTITY, SMSESSION

Enabled: Checked

Import from LDAP: < Check this box to automatically import users from LDAP if they do not exist in the portal. (This may not be required, but you need to understand the requirement and make decision). >

Logout redirect URL: <When user logs out of Liferay Portal, the user is redirected to this URL.>

Token location:  HTTP request header

User token name: SM_USER

Additional info:

On siteminder/SSO side -you need to take care of Userdirectory/Agent/ACO/Domain/Realm/Rules/Policies...etc. 

SM_USER is a default HTTP header set by Siteminder webagent for applications to make use of it.

Default HTTP Headers Used by the Product - CA Single Sign-On - 12.7 - CA Technologies Documentation 

Hope this helps !!!, Let me know, if you have further questions on this.

Regards

Ashok

Thanks a lot for your help Ashok , but my main concern is what would be the configuration to be used for Token based SSO authentication . Do I have to also keep the parameters like Token location , User token name as default ? 

I have successfully deployed and configured SSO webagent but i didn't found any of these options(User token name,Token Location) to select some values for that , while configuring the agent . So i am confused what values should i give in those parameters . I think i am doing something wrong from liferay Eap 7.x tool end. It would be a great help if you can share some article or document explaining these Token based sso configuration parameters briefly .

Thanks again

Regards

Girish Gandhi

Further adding more to my question . Is there any other option to be enabled or checked , apart from the enabled option given in Token based sso authentication configuration window for a successful integration of Single sign on and Liferay  ?

Did you make it work ? are you still looking for assistance ?

No it didn't worked yet . I am still looking for an assistance .