Symantec Access Management

Expand all | Collapse all

SSO R12.7 OpenID Connect Sample App

Jump to Best Answer
  • 1.  SSO R12.7 OpenID Connect Sample App

    Posted 09-07-2017 05:08 PM

    Hi All,

     

    I am trying to do a POC for using OpenID connect using Siteminder R12.7, documentation provides the steps we need to perform on Adminui, but there is no sample app or example given how to integrate and test. I was wondering if there if there is a sample app provided Out of the box or if someone have sample app I can use.

     

    I am not sure if the understanding I am having here is correct or not, the flow will be something like, please correct me if something is incorrect.

    1) I will hit a URL

    2) Will get prompted for login 

    3) we will see an OpenID Token, which will change on every refresh, which can be utilized  by other API's or applications.



  • 2.  Re: SSO R12.7 OpenID Connect Sample App
    Best Answer

    Posted 09-08-2017 03:39 AM

    Hi Richard, 

     

    Please refer following thread for sample configuration both client/server: CA SSO OpenID Connect Provider - Agentless SSO 

     

    This demo uses, Apache module mod_auth_openidc on OpenID connect client.

     

    Regards,

    Ujwol



  • 3.  Re: SSO R12.7 OpenID Connect Sample App

    Posted 09-11-2017 01:06 AM

    Hi Ujwol,

     

    Recently I have completed POC for OPENID using Siteminder 12.7 as Authorization Provider.

    To get the setup working, had to protect "/affwebservices/secure/secureredirect*" URL under SPS agent which is not mentioned in runbook (though not sure why it wasn't mentioned).

     

    Regards,

    Sushant



  • 4.  Re: SSO R12.7 OpenID Connect Sample App

    Posted 09-11-2017 01:12 AM

    Hi Sushant,

     

    Great. Yeah , I just checked the referenced community post, its not mentioned. However, it is mentioned in the official doco :

     

    Configure CA Single Sign-On as OpenID Connect Provider - CA Single Sign-On - 12.7 - CA Technologies Documentation 

     

    If you select this option, complete the following steps:

    1. Set the Authentication URL field to the following URL:

    2. Protect the secureredirect web service with a policy.

     

    We still need to work on complete step by step guide on this setup. Hopefully soon.

     

    Regards,

    Ujwol