I created this video tutorial / demo to show how easy it can be to set up Apache on Linux to consume OIDC tokens from CA SSO 12.8
00:14:30
Hi Mithrandir,
It seems to me you are wanting to use OIDC as a replacement of SMSESSION; whereby, the authentication and application protection are both handled by SiteMinder.
SiteMinder can consume JWT for any protected realm, but it cannot act as a OIDC relying party with grant flows. For this, we recommend the Layer7 API Gateway as an additional SiteMinder enforcement point.
As shown in the video, SiteMinder can act as the OIDC Authorization Server for non-SiteMinder protected applications.
Hi Warren_Barrow ,
Thank you for this tutorial. As far as the product consumption of the id_token is concerned, what is a way in which the id_token created by the CA SSO Authorization server be posted to a realm that is protected by a JWT Authentication Scheme so that it consumes the token? It seems the product leverages the JWT Authscheme for jwt consumption but there is now way for the token created by CA SSO to be sent there via any mechanism (such as partnerships, etc).
The Oauth partnership was great because you could set up the two endpoints for idp -> sp in a partnership where the mechanism was in place for token generation and consumption but the same is not true with OpenID Connect.