ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Issues when federating Zscaler with Siteminder

book

Article ID: 200479

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

We're integrating SiteMinder with Zscaler as SP using the Zscaler
documentation here :

  SAML Configuration Guide for CA Single Sign-On
  https://help.zscaler.com/zia/saml-configuration-guide-ca-single-sign-on 

We'd like to know where to set the parameter :

  <% String msg = (String)request.getParameter("RelayState");
  String redirectURL = "https://myidpserver.mydomain.com/affwebservices/public/saml2sso?SPID=zscaler
  .saml2&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState="+msg;response.sendRedirect(redirectURL);
  %>

Which WAR file is the one this string have to be added ? In
affwebservices.war deployed on the SPS's Tomcat? the path would be
webapp/WEB-INF/ ?

Environment

Release : 12.8

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

 

At first glance, it seems to be on the Zscaler component, to give to
build the URL to redirect to the IDP which you run.

More, Broadcom has also a document about this integration which
relates the same as above :

CA SiteMinder Federation Runbook for Zscaler

   Obtain SiteMinder Redirection script from Zscaler document and add
   the jsp page to realm protected folder which is used for
   redirecting purpose

   p.6

https://ftpdocs.broadcom.com/phpdocs/1/8231/runbooks/CASM-ZScalerFederationRunbook-ver1.pdf

So in order to get more precision about the targeted .war file or
other file, please get in touch with Zscaler support.