Welcome to the Community GO! A video walk-through series to help both new and veteran community members learn more about the CA Community platform. This tutorial focuses on marking questions that have received the proper answer, as correct. Doing so rewards individuals...
Performance testing is something we often get asked about by our API management and SOA governance customers. We have encountered situations where understanding of what constituted good performance was not clear at the beginning of a test effort. Benchmarking Web services usually involved...
Issuing SAML tokens in a SOA or Cloud policy operation is a common use case, but there are two core concerns that need to be addressed in production-class deployments: Public Key cryptography required to sign the token is expensive in terms of CPU usage If there is a single path through...
As the entry point to an organization's services, XML, SOA and API gateways are responsible for controlling access. This typically involves authentication and authorization against a user directory (LDAP). However, it is often the case that identity and access management (IAM) is handled by some...
What is an STS and why do we have so many of them? In the broad category of message-oriented security in web services, each message contains a security token; in SOAP messages these are provided in the Security section in the SOAP header. In some of the more common usage patterns, that token is...
As part of many organizations, authenticating to a Windows environment is key to providing an overall security structure for internal users. In combination with the API Gateway, CA provides the ability to not only extend the Kerberos frame work being used but allows identity and protocol mapping...
These tutorials will get you started on the path of ITPAM. To use this material, import the XML to PAM and enjoy it. Work in PAM 3.1 and 4.*. Best regards, Douglas Lima
231150862.zip
When protecting an endpoint from XML-based attacks, not only are payloads scanned for code injections, malicious entity declarations and parser attacks, XML documents are actually validated against strict schemas that clearly describe expected document structures. Enforcing this type of...
In this tutorial, we’re going to look at how the CA API Gateway can be used to secure and constrain an OData API. Some time ago, CA Distinguished Engineer Scott Morrison wrote a blog post on the vulnerabilities of OData, using an experimental Netflix API as an example. The premise...