Symantec Access Management

 View Only
  • 1.  Federation for oracle RPAS

    Posted Jul 08, 2016 01:02 PM

    Hi,

     

    I am looking for a CA SSO Federation runbook for Oracle RPAS. I would like to know how to config the IDP and SP side SSO . Can anyone help me..



  • 2.  Re: Federation for oracle RPAS
    Best Answer

    Posted Jul 10, 2016 12:17 AM

    Kevin

     

    I don't see this being very complicated even if we do not have a Runbook available.

     

    Think of this in the fact that it is regular SAML and as long as both entities participating in the Federated SSO work as per SAML specification, it should be easy to understand IdP and SP requirements, then map that into a Federation Partnership at both ends.

     

    The key things I'd take care of is....

     

    • Is it IdP Initiated Journey OR SP intiated journey.
    • Who is IdP and who is SP.
    • Audience Info.
    • Assertion Consumer Service URLs.
    • Exchanging the IdP IDs and SP IDs.
    • Finalizing Assertion Attributes.
    • Signing Certificate and Signing Assertions.

     

    I'd begin with a basic partnership and build from there.

     

     

    Regards

    Hubert



  • 3.  Re: Federation for oracle RPAS

    Posted Jul 18, 2016 02:32 PM

    Hi Hubert,

     

    1. It's a SP initiated flow

    2. Siteminder is the IDP and Weblogic is the SP. Oracle Rpas is on weblogic

    3. Assertion Consumer URL : The application team is unable to determine what the ACS url is. This is a new setup and the SP team has no idea about this configuration. Correct me if am wrong, is it called "Published Site URL" in weblogic?

     

     

    Found this URL which speaks about the CA Sitemider Identity Asserter With Oracle weblogic. Is this required?

    http://www.ca.com/~/media/Files/Add-OnServicesComponents/Integration-for-CA-SiteMinder-Identity-Asserter-with-Oracle-WebLogic.pdf

    http://www.ca.com/~/media/Files/Add-OnServicesComponents/Integration-for-CA-SiteMinder-Identity-Asserter-with-Oracle-WebLogic.pdf

    Need some more guidance on this



  • 4.  Re: Federation for oracle RPAS

    Broadcom Employee
    Posted Jul 11, 2016 09:02 AM

    Kevin,

    We do not have a CA SSO Federation runbook for Oracle RPAS.  However as Hubert stated this should be doable without one.  Please see his notes for the key steps.

    Regards,

    Sandy