1 to 10 of 13
Sort by

Blog Entry
CA Community GO! Marking Answers as Correct

    Welcome to the Community GO! A video walk-through series to help both new and veteran community members learn more about the CA Community platform. This tutorial focuses on marking questions that have received the proper answer, as correct. Doing so rewards individuals...

Library Entry
Performance Testing

Performance testing is something we often get asked about by our API management and SOA governance customers. We have encountered situations where understanding of what constituted good performance was not clear at the beginning of a test effort. Benchmarking Web services usually involved...

Library Entry
SAML Token Caching for Improved Identity Performance

Issuing SAML tokens in a SOA or Cloud policy operation is a common use case, but there are two core concerns that need to be addressed in production-class deployments: Public Key cryptography required to sign the token is expensive in terms of CPU usage If there is a single path through...

Library Entry
OpenSSO IAM Integration

As the entry point to an organization's services, XML, SOA and API gateways are responsible for controlling access. This typically involves authentication and authorization against a user directory (LDAP). However, it is often the case that identity and access management (IAM) is handled by some...

Library Entry
Federating Web Services

What is an STS and why do we have so many of them? In the broad category of message-oriented security in web services, each message contains a security token; in SOAP messages these are provided in the Security section in the SOAP header. In some of the more common usage patterns, that token is...

Library Entry
Establishing Kerberos Token-Based Authentication

As part of many organizations, authenticating to a Windows environment is key to providing an overall security structure for internal users. In combination with the API Gateway, CA provides the ability to not only extend the Kerberos frame work being used but allows identity and protocol mapping...

Library Entry

These tutorials will get you started on the path of ITPAM. To use this material, import the XML to PAM and enjoy it. Work in PAM 3.1 and 4.*.   Best regards, Douglas Lima

Library Entry
JSON Schema Validation

When protecting an endpoint from XML-based attacks, not only are payloads scanned for code injections, malicious entity declarations and parser attacks, XML documents are actually validated against strict schemas that clearly describe expected document structures. Enforcing this type of...

Library Entry
Securing an OData API

In this tutorial, we’re going to look at how the CA API Gateway can be used to secure and constrain an OData API. Some time ago, CA Distinguished  Engineer Scott Morrison wrote a blog post on the vulnerabilities of OData, using an experimental Netflix API as an example. The premise...