Has anyone in the community implemented an OpenID Connect client-side implementation with Siteminder / Single Sign-On? In other words, an external partner is the OpenID Connect Provider (OP) while the Siteminder/Single Sign-On based infrastructure on your side is the Relying Party (RP). On Siteminder, we can have an OAuth partnership (or) an OAuth authentication scheme configured.
If yes, were you able to get Siteminder to read the claims from the ID token?
We found that we needed to implement the userinfo callback to get the claims. We did at one stage try adding them to the access token, but that didn't seem to work (i.e. the encrypted token size did not increase). Adding the SMSESSION to the token did seem to work (at least the encrypted value became a lot longer).
I added an entry to Jack's post, but here is the link to the setup we did to diagnose the support client issue:
CA SSO OpenID Connect Provider - with Apache OpenID Client
Cheers - Mark
----
Mark O'Donohue
Snr Principal Support Engineer - Global Customer Success
Hi Mark.ODonohue,
Thanks for your reply. I looked at the example; this seems to be a case of Siteminder acting as an OpenID Connect Provider (OP) and Apache with the OIDC module acting as a Relying Party (RP). I am clear on this use case.
However, in my original post, I was looking for any references for a different use case where we have an external partner acting as an OpenID Connect Provider (OP) and Siteminder based infrastructure acting as the Relying Party (RP). In other words, an external partner sends out an ID Token and an Access Token into a Siteminder based infrastructure. Can we have Siteminder consume both these tokens, or at least either of them, to generate an SMSESSION and send the user to an integrating application?
A bit late here, but to confirm: CA SSO cannot act as an OpenID Connect relying party.
This ER is currently under review:
CA SSO full support for OpenID Connect