Idea Details

Enhancement Request: CA Single Sign-on JBOSS Agent

Last activity 12-17-2016 09:10 AM
Jose Rosario's profile image
07-07-2015 12:22 PM

Currently, the JBOSS agent creates two principle objects that gets passed to the web application that is hosted by JBOSS.

The principles are as follows:

 

User ID

Role Value

 

The 2 enhancements that are being requested for the JBOSS agent are:

 

• Ability to support multiple principal roles / groups per user. Currently, it only supports one role/group per user.
• Ability to allow the JBOSS agent to pass in user profile information as part of a principle object. Currently it only supports user ID and a role/group principle object.

 

Reasons:

Every or most J2EE application supports the ability to maintain multiple roles or group membership per user. The current ability to support one principle role, limits the practical usage of the JBOSS agent within the business policies of the organization. Also, organizations are leveraging user profile information to enhance the authorization model. For example, If an end user is listed as a grade 4, level C person from a security perspective and is on the Engineering team that person would have access to the engineering and deployment plans. A person at the same security clearance, but from a different department will not be entitled to view the plans. In order to code this scenario, one would have to manually gather the information from the repository and also incorporate the information being delivered by the JBOSS agent. The enhancement will, basically deliver the required information once thru one method and allow the application to simply map the access. It'll also reduce the number of repeated established connections to obtain the additional profile information from the repository. One gets to the point, where the question is asked "Why am I using the agent if I have to manually gather additional information out side of the agent"..... The point to the matter, is the current features of the JBOSS agent is limiting and requires a companion solution to address the data requirements required per user.

 

Summary of Enhancement

• Leverages multiple roles per user.

• Leverage profile information that can configured thru SiteMinder and passed along thru the JBOSS agent.

 

 

Jose Rosario


Comments

01-05-2016 07:11 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your enhancement suggestion and decided to maintain the idea for possible consideration in a future release. The Community will continue to be able to vote on this enhancement idea.

07-10-2015 01:24 PM

This is to explain Jose about how to add the contents.