Integrated Windows Authentication Question
Article ID: 112176
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We're running a Web Agent to offer Kerberos Authentication Scheme. We'd like to know if it is
supported to have 2 Kerberos Authentication Scheme on the same Web Agent ? The Web Agent acts as cookie provider.
We'd like to know also if this has been tested internally.
Environment
Release: MSPJBO99000-12.52-Single Sign-On-Agent for JBoss-for MSP
Component:
Component:
Resolution
At first glance, as this is not a scenario offered in the
documentation, that might work having probably some customization. As
you know, we provide out of the box configuration of Kerberos
Authentication Scheme.
You should note that we support multiple Kerberos Domains in the same
krb5.conf file. As such, having different instances of Web Agents, you
might probably be able to achieve your goals.
In order to have more concrete experience feedback about this, we
strongly suggest you to consult CA Services. This team manage to do
implementation of CA Single Sign-On in companies, and as such, they
are the best positioned to tell you if this specific setting has once
been implemented successfully.
To get in touch with CA Services :
CA Services
https://www.ca.com/us/services-support/ca-services.html?intcmp=headernav
Contact CA Services
https://www.ca.com/us/contact/services.html
But here I cannot guarantee you 100% that this will work. In order to
get this setting fully QA'd, we'd like you to open and Idea on the
Security page :
1. Go to the CA Security Overview Page :
https://communities.ca.com/community/ca-security/ca-single-sign-on
2. Click on the "Actions" drop-down menu and select "Create an
idea."
3. Give your idea a title and detailed description to encourage
voting.
4. Publish and vote on your idea!
documentation, that might work having probably some customization. As
you know, we provide out of the box configuration of Kerberos
Authentication Scheme.
You should note that we support multiple Kerberos Domains in the same
krb5.conf file. As such, having different instances of Web Agents, you
might probably be able to achieve your goals.
In order to have more concrete experience feedback about this, we
strongly suggest you to consult CA Services. This team manage to do
implementation of CA Single Sign-On in companies, and as such, they
are the best positioned to tell you if this specific setting has once
been implemented successfully.
To get in touch with CA Services :
CA Services
https://www.ca.com/us/services-support/ca-services.html?intcmp=headernav
Contact CA Services
https://www.ca.com/us/contact/services.html
But here I cannot guarantee you 100% that this will work. In order to
get this setting fully QA'd, we'd like you to open and Idea on the
Security page :
1. Go to the CA Security Overview Page :
https://communities.ca.com/community/ca-security/ca-single-sign-on
2. Click on the "Actions" drop-down menu and select "Create an
idea."
3. Give your idea a title and detailed description to encourage
voting.
4. Publish and vote on your idea!
Feedback
Yes
No
Powered by
