Symantec Access Management

Hi all,

I have an implementation for Siteminder for which the Access Gateway is also a OpenID Client and I'm stuck in the configuration for this part.

The scenario is as in the below images

And the authentication si username/password, but after the initial login, the nginx and the backend should receive the Authorization Bearer and not a basic auth.
This auth bearer token will be send to each app and this apps will ask Siteminder to revalidate the auth bearer token

I defined openid provider and client as in

https://community.broadcom.com/enterprisesoftware/viewdocument/ca-sso-openid-connect-provider-wi?CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=librarydocuments

But I'm stuck in this configuration and any idea would be helpfull.

Regards,
Bogdan Barbu

Hi.

We managed to make this work in the way that was desired. As soon as I will have some more time I will post in another comment all the configurations we made to have it work.

Regards,
Bogdan Barbu
Original Message:
Sent: 02-26-2021 06:17 AM
From: BOGDAN BARBU
Subject: Access Gateway as OpenID Client / Siteminder response as authorization bearer

Hi all,

I have an implementation for Siteminder for which the Access Gateway is also a OpenID Client and I'm stuck in the configuration for this part.

The scenario is as in the below images

And the authentication si username/password, but after the initial login, the nginx and the backend should receive the Authorization Bearer and not a basic auth.
This auth bearer token will be send to each app and this apps will ask Siteminder to revalidate the auth bearer token

I defined openid provider and client as in

https://community.broadcom.com/enterprisesoftware/viewdocument/ca-sso-openid-connect-provider-wi?CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=librarydocuments

But I'm stuck in this configuration and any idea would be helpfull.

Regards,
Bogdan Barbu