Hi Kevin,
To use OIDC Siteminder with Nginx server, I would advise you to use
our GD module "Integration for CA Single Sign-On with NGiNX", in front
of which you will run a Web Agent for authentication.
As this module documentation states :
The CA Single Sign-On HTTP Server Agent for NGiNX is a SSO Web Agent
which provides CA SSO security features for the NGiNX HTTP
Server. This Agent provides standard SSO Web Agent functionality, such
as:
• Single Sign-On
• URL-Based Authorization
• Session Management
NGiNX Web Server provides a pure Java based front-end to its HTTP
request/response services called Ring Handlers. These Ring Handlers
can interact with NGiNX's core HTTP engine using the clojure module to
perform HTTP Services.
The CA SSO Agent for NGiNX is a Ring Handler, which interacts with the
NGiNX core HTTP engine via the clojure API as defined in the NGiNX
Clojure Java Package nginx.clojure.java.NginxJavaRingHandler. The Ring
Handler API provides a mechanism where a component is inserted into
the request processing pipeline prior to NGiNX serving the request.
The CA SSO Agent for NGiNX is configured with NGiNX web server to
provide security capabilities during HTTP request processing. The
Agent will intercept HTTP requests and determine protection status,
user authentication and resource authorization. Because the Agent
covers the core CA-SSO Agent features, it provides Single Sign-On for
users logged into other SiteMinder protected applications in the
enterprise. Important Note: The CA SSO Agent for NGiNX is a Java Ring
handler, and requires the NGiNX-Closure module. The NGiNX-Clojure
module allows Java Ring based handlers to be embedded in NGiNX.
ref.:
CA Global Delivery Packaged Work Product Download Index
"Integration for CA Single Sign-On with NGiNX"
https://techdocs.broadcom.com/us/product-content//recommended-reading/technical-document-index/ca-global-delivery-packaged-work-product-module-index.html?id=%7B3B2E2905-11AF-4479-B309-63F113CA5D57%7D?id=%7B3B2E2905-11AF-4479-B309-63F113CA5D57%7DI have no experience with that integration, but reading its
documentation, I don't see any blocking aspect as Web Agent will
handles in combination of Web Agent Option Pack the Authentication and
Federation Assertion consumption, and the Agent on NGinx will handle
the authorization of the session with the security of Nginx.
I hope this helps,
Best Regards,
Patrick
Original Message:
Sent: 08-27-2019 02:06 PM
From: Kevin Lang
Subject: SiteMinder SSO for NGINX Server
Gurus,
We have a NGINX webserver installed on RHEL (Red Hat Enterprise Linux Server release 6.10). We would like use CA SiteMinder OpenID Connect for SSO solution. Do anybody has experienced on this setup. Could you share your insights, documentation, steps, pitfall and etc. Any information would be helpful. Please let me know if you need more information from myside.
Thank you so much in helping me out,
K
------------------------------
Kevin
------------------------------