Kristen Malzone (CA) :
Welcome to Office Hours! We'll get started in 2 minutes.
Kristen Malzone (CA) :
Let's get started! If you have a question about CA Single Sign-On, enter it here in the chat window. Our product experts are standing by to answer your questions.
Kristen Malzone (CA) :
Please RT to invite others to join: https://twitter.com/CA_Community/status/654689733214208001
Kristen Malzone (CA) :
@Srikanth - Thanks for joining!
Kristen Malzone (CA) :
@Srikanth - Do you have a question about CA Single Sign-On?
srikanth :
@Kristen...yes thank you
srikanth :
Can CA SSO act as an OAuth provider?
Aaron Berman :
@Srikanth - SSO can consume Oauth but not create it. If we need to generate Oauth tokesn we generally do it as part of our integration with the Layer 7 gateway.... What is your use case?
Steven Bankowitz (CA) :
Srikanth, any other questions?
srikanth :
Sorry , i got disconnected...if i can still ask a question
Kristen Malzone (CA) :
Sure!
srikanth :
can we REST Authentication webservice (SPS) to recieve SMSESSION token and use it to access protected resource by a traditional web agent?
Shahn Soomro (CA) :
@Srikant.. the short answer is yes.
srikanth :
and does REST API accept users X509 digital certificate?
Shahn Soomro (CA) :
you can get an SMSession by authenticating via REST webserivess and reuser the SMSession for another webservivce or web application.
srikanth :
Thanks Shahn...session token we recieve ...can we use it to build SMSESSION token and pass it to traditional web agent?
srikanth :
Build SMSESSION cookie ...using session token we recieve after succeful authentication?
Shahn Soomro (CA) :
you get an SMSession token ..so you dont need to build one..you cannot build a SMSession token without using SSO Agent libriaries
Shahn Soomro (CA) :
the SMSession token you receive is SMSession cookie.. you can save it and re-use it
Shahn Soomro (CA) :
you get that as part of REST response on successful authentication
srikanth :
Thanks ...and webservice...can it accept users digital certificate as a credential
srikanth :
another question....any plans to support FIDO alliance CA SSO? to offer password less authentication?
Shahn Soomro (CA) :
that I will have to investigate..the OOTB webservices API examples use basic (username/password) as authentication method..technically I dont see a reason for it not be able to use a different auth mechanism as long as you can create the correctly formated request ..but I have not done it myself
Kristen Malzone (CA) :
Ok that's all the time we have for today!
srikanth :
Thanks every one...i will post my questions in next office hours.
Kristen Malzone (CA) :
You can also post questions to the CA Security Community!
Kristen Malzone (CA) :
We'll post the transcript today's chat session to the Security Community.
Shahn Soomro (CA) :
Yes CA is part FIDO alliance .and yes we intend to support the FIDO authentication enabled clients in due time
Kristen Malzone (CA) :
Thanks for joining today, Srikanth!