How to configure SiteMinder (CA Single Sign-On) authentication for Service Catalog using WSFED.
Service Catalog 17.4 working on SSL
SiteMinder 12.8.7
Prerequisite: Configure Service Catalog to use SSL via the SSL Configurator Utility or the manual steps.
SiteMinder Configuration:
1. Create a WSFED Identity Provider with a Local Entity
Base URL: Set the SSL SiteMinder Base URL here.
Passive Requestor Service URL: Set the SSL WSFED SiteMinder URL.
Sign-Out URL: Set the SSL WSFED SiteMinder URL.
2. Create a WSFED Resource Partner with a Remote Entity
Entity ID: Set the Catalog SSL URL, i.e. https://<CatalogHostname>:<SSL_Port>/usm/wpf
Remote Security Token Consumer Service URL: Set the Catalog SSL URL, i.e. https://<CatalogHostname>:<SSL_Port>/usm/wpf
3. Create a Partnership, selecting the WSFED IP > RP option
Remote Partner ID: Set the Catalog SSL URL, i.e. https://<CatalogHostname>:<SSL_Port>/usm/wpf
Base URL: Set the SSL SiteMinder Base URL here.
Authentication URL: Set the SSL SiteMinder Base URL here.
Audience: Set the Catalog SSL URL, i.e. https://<CatalogHostname>:<SSL_Port>/usm/wpf
Remote Security Token Consumer Service URL: Set the Catalog SSL URL, i.e. https://<CatalogHostname>:<SSL_Port>/usm/wpf
Passive Requestor Service URL: Set the SSL WSFED SiteMinder URL.
Sign-Out URL: Set the SSL WSFED SiteMinder URL.
4. Restart SiteMinder services on both the policy server and Admin UI.
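The steps above enter the same Catalog SSL URL in five fields and the same SiteMinder URLs on both the Identity Provider entity and the partnership. The following check is an added example, not part of the original article or of either product: it compares the values you plan to enter before you type them into the Admin UI. The dictionary key names, host names and the WSFED path are placeholders chosen for this example.

```python
from urllib.parse import urlsplit

# Key names are hypothetical labels for the fields in the steps above.
CATALOG_KEYS = ("rp_entity_id", "rp_token_consumer_url", "partner_remote_partner_id",
                "partner_audience", "partner_token_consumer_url")
# Fields entered twice: on the Identity Provider entity and on the partnership.
MIRRORED_KEYS = (("idp_base_url", "partner_base_url"),
                 ("idp_passive_requestor_url", "partner_passive_requestor_url"),
                 ("idp_sign_out_url", "partner_sign_out_url"))
SITEMINDER_KEYS = tuple(k for pair in MIRRORED_KEYS for k in pair) + ("partner_authentication_url",)


def check_wsfed_plan(plan):
    """Return a list of problems in the planned values (empty list = consistent)."""
    problems = []
    for key in CATALOG_KEYS + SITEMINDER_KEYS:
        value = plan.get(key, "")
        parts = urlsplit(value)
        if not value:
            problems.append(f"{key}: missing")
        elif parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key}: not an https URL: {value}")
        elif key in CATALOG_KEYS and parts.path != "/usm/wpf":
            problems.append(f"{key}: path is not /usm/wpf: {value}")
    # Every Catalog-side field must be the same string, character for character.
    if len({plan.get(k) for k in CATALOG_KEYS}) > 1:
        problems.append("catalog URL differs between Entity ID, Remote Partner ID, "
                        "Audience and Token Consumer Service URL")
    for idp_key, partner_key in MIRRORED_KEYS:
        if plan.get(idp_key) != plan.get(partner_key):
            problems.append(f"{idp_key} and {partner_key} differ")
    return problems


# Constructed sample values; the host names and WSFED path are placeholders.
CATALOG = "https://catalog.example.com:8443/usm/wpf"
SAMPLE_PLAN = {k: CATALOG for k in CATALOG_KEYS}
SAMPLE_PLAN.update({k: "https://sso.example.com" for k in
                    ("idp_base_url", "partner_base_url", "partner_authentication_url")})
SAMPLE_PLAN.update({k: "https://sso.example.com/wsfed-placeholder" for k in
                    ("idp_passive_requestor_url", "partner_passive_requestor_url",
                     "idp_sign_out_url", "partner_sign_out_url")})

if __name__ == "__main__":
    broken = dict(SAMPLE_PLAN, partner_audience=CATALOG + "/",
                  idp_sign_out_url="http://sso.example.com/wsfed-placeholder")
    for problem in check_wsfed_plan(broken) or ["no problems found"]:
        print(problem)
```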
Service Catalog Configuration:
1. Configure the SAML Authentication in Service Catalog Administration: Configure SAML for CA Single-Sign On
2. Update the web.xml to allow SiteMinder servers: Enable SAML Authentication for CA Service Catalog Tomcat Web Servers
4. Restart Catalog services after the changes above.