SSO between 2 disparate environments.

Article Id: 51039

Status: Published

Updated On: 14-02-2018 07:30

Legacy Id: TEC537588

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

Description:

Requirement: Enable Sing Sign-On between 2 different environment (see below) in both direction, meaning an user authenticated on the first environment should be able to access an application protected by the second environment without being prompted for credentials again. The contrary must be also true.

Environment 1:

Policy Server R12 SP2

Environment 2:

IM 8.1 / Policy Server 6 SP5

User Stores: Active Directory (AD 2003)
Environment 2 is linked to an AD (External Users) and Environment 2 is linked to an AD with internal users and an AD with external users.

Web Agent version:

Both R12 and 6 SP5 CR35

Web Server:

OAS and ASF Apache 2.2.x

Solution:

You need to:

Share a KeyStore R6, which is readable by both SiteMinder R6 and R12 Policy Server.
Configure the Authentication and Validation Directory Mapping between the User Directory on SiteMinder r12 and User Directory on SiteMInder r6 (if they have different names).

Environment:

Release:
Component: SMPLC