When running Policy Server 12.7, one might ask whether Policy Server and
SiteMinder can handle token generation and management like a standard
OIDC server.
At first glance, yes indeed, SiteMinder can act as an OIDC Provider (1).
SiteMinder can produce access tokens too. Note that Policy Server and
CA Access Gateway (SPS) 12.7 are out of support as per our EOS-EOL
Finally, SiteMinder delivers the OpenID Authentication Scheme, which has
limited scope as many providers have now deprecated OpenID support (3).
Use SiteMinder as OpenID Connect Provider
You can use SiteMinder as an OpenID Connect Provider (OP) that uses
the OpenID Connect 1.0 protocol. The protocol allows clients to verify
the identity of the users that are authenticated by the authorization
server, and obtain basic profile information. You can configure
SiteMinder to authenticate users and generate tokens for native and web
applications in the following flows:
- Authorization Code Flow that returns the tokens from Token
Endpoint. Use Authorization Code Flow for Clients that can secure
their communication with Authorization Server.
- Implicit Flow that returns the tokens from Authorization
Endpoint. Use Implicit Flow for Clients that are browser-based, use
a scripting language, and are Single-Page Applications.
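The following added example (not from the SiteMinder documentation) shows, from the client's side, where each flow delivers its result: a one-time code in the query string for Authorization Code Flow, tokens in the URL fragment for Implicit Flow. The endpoint URL, client ID and redirect URI are hypothetical placeholders; the parameter names are those of OpenID Connect Core 1.0.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical values; use the endpoints and client your OP configuration defines.
AUTHZ_ENDPOINT = "https://op.example.com/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example.com/cb"
RESPONSE_TYPES = {"code": "code", "implicit": "id_token token"}


def build_auth_request(flow):
    """Return (url, state, nonce) for an authentication request in `flow`."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "response_type": RESPONSE_TYPES[flow],
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,   # binds the response to this browser session
        "nonce": nonce,   # must later match the nonce claim in the ID token
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state, nonce


def parse_callback(flow, callback_url, expected_state):
    """Read the redirect back to the client and reject a wrong state."""
    parts = urlsplit(callback_url)
    # Code flow answers in the query string, implicit flow in the fragment.
    raw = parts.query if flow == "code" else parts.fragment
    got = {k: v[0] for k, v in parse_qs(raw).items()}
    if "error" in got:
        raise ValueError("OP returned error: " + got["error"])
    if not secrets.compare_digest(got.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if flow == "code":
        # Only a one-time code crosses the browser; tokens come from the Token Endpoint.
        return {"code": got["code"]}
    return {"id_token": got["id_token"], "access_token": got["access_token"]}


def token_request_body(code):
    """Form body the client POSTs to the Token Endpoint to redeem the code."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
```

In the Implicit Flow the tokens pass through the browser, so the client still has to validate the ID token signature and compare its nonce claim with the value returned by `build_auth_request`; that step is not shown here.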
Symantec SiteMinder Release and Support Lifecycle Dates
| Product | Release | Service Pack/Genlevel | End of Service (EOS), End of Life (EOL) or Stabilization Date |
|---|---|---|---|
| Symantec Site Minder (CA Single Sign-On) | 12.7 | 02 | October 31, 2020 - EOS |
OpenID Authentication Scheme
Most of the providers (including Yahoo) that are listed in the default
forms credential collector (FCC) have deprecated the support for
OpenID 1.1 and OpenID 2.0. Before you use a provider, verify that
OpenID is still supported by the provider. If a provider does not
support OpenID, modify the FCC file to remove the provider.
The OpenID authentication scheme lets users submit credentials through
an OpenID provider. The OpenID provider authenticates the user and
sends an authentication response to the Policy Server. The Policy
Server verifies the response, completes the authentication process,
and authorizes access to the resource.