Creating a read-only administrator who can query federation certificates

Article ID: 393265

Updated On:

Products

-SITEMINDER
-CA Single Sign On Agents (SiteMinder)
-CA Single Sign On Federation (SiteMinder)
-CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

What is the minimal set of permissions required in the SiteMinder AdminUI to create a read-only admin who can query federation certificates?

Environment

All Supported Releases

Resolution

To create a read-only administrator who can query the federation certificates via REST API:

-Create Legacy Admin via Legacy Administrators page
-Select CA Single Sign On DB
-Select Domain Admin, select no Tasks or Scope (leave these blank)
-Open Administrators page
-Open the new legacy admin in modify mode
-Do not select Superuser, do not select Disabled, Select No Workspace
-Select Remote API allowed
-Below Rights click Add (this step can be skipped if the Federation Administration right is already visible)
-Select Federation Administration, click Submit
-Scroll to the bottom and make sure the V checkbox is selected next to Federation Administration
-Submit again, confirm prompt

In the REST API, first query the list of certificates via:
/ca/api/sso/services/policy/v1/FedCertificates

This returns a list of all federation certificates. You can then query the details of each one via:
/ca/api/sso/services/policy/v1/FedCertificates/<certalias>
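
The two-step query above, sketched as an added example (not code from this article or from the product): it lists the certificates, then fetches each alias with GET only, encoding the alias as a single path segment so an odd alias cannot change which resource is requested. Assumptions: the host name is a placeholder, authentication uses a bearer token, the list response is JSON with a `data` array whose `path` values end in the alias, and the canned responses in `fake_get` are constructed.

```python
import json
from urllib.parse import quote, unquote
from urllib.request import Request, urlopen

API_ROOT = "/ca/api/sso/services/policy/v1/FedCertificates"  # path from the article
BASE = "https://adminui.example.com"  # placeholder host


def detail_url(base, alias):
    """Build the per-certificate URL; the alias is encoded as one path segment."""
    return f"{base.rstrip('/')}{API_ROOT}/{quote(alias, safe='')}"


def http_get(url, token):
    """Default transport: GET only. Bearer-token auth is an assumption."""
    req = Request(url, method="GET", headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def aliases_from_list(listing):
    """Assumed list shape: {"data": [{"path": "/FedCertificates/<alias>"}]}."""
    return [unquote(e["path"].rsplit("/", 1)[-1]) for e in listing.get("data", [])]


def query_fed_certs(base, token, get=http_get):
    """Step 1: list all certificates. Step 2: fetch the details of each alias."""
    listing = get(f"{base.rstrip('/')}{API_ROOT}", token)
    return {a: get(detail_url(base, a), token) for a in aliases_from_list(listing)}


def fake_get(url, token):
    """Constructed offline transport so the example runs without a server."""
    canned = {
        BASE + API_ROOT: {"data": [
            {"path": "/FedCertificates/idp-signing"},
            {"path": "/FedCertificates/partner%20sp"}]},
        BASE + API_ROOT + "/idp-signing": {"alias": "idp-signing"},
        BASE + API_ROOT + "/partner%20sp": {"alias": "partner sp"},
    }
    return canned[url]


if __name__ == "__main__":
    # Swap fake_get for the default transport to query a real server.
    for alias, detail in query_fed_certs(BASE, "constructed-token", fake_get).items():
        print(alias, detail)
```
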