SSO between 2 disparate environments.

Article ID: 51039

Products

  • CA Single Sign On Secure Proxy Server (SiteMinder)
  • AXIOMATICS POLICY SERVER
  • CA Single Sign On SOA Security Manager (SiteMinder)
  • CA Single Sign-On

Issue/Introduction

Description:

Requirement: Enable Single Sign-On between 2 different environments (see below) in both directions, meaning a user authenticated in the first environment should be able to access an application protected by the second environment without being prompted for credentials again. The reverse must also be true.

Environment 1:

Policy Server R12 SP2

Environment 2:

IM 8.1 / Policy Server 6 SP5

User Stores: Active Directory (AD 2003)
Environment 2 is linked to an AD (External Users) and Environment 2 is linked to an AD with internal users and an AD with external users.

Web Agent version:

Both R12 and 6 SP5 CR35

Web Server:

OAS and ASF Apache 2.2.x

Solution:

You need to:

  • Share an R6 KeyStore, which is readable by both the SiteMinder R6 and R12 Policy Servers.
  • Configure the Authentication and Validation Directory Mapping between the User Directory on SiteMinder r12 and the User Directory on SiteMinder r6 (if they have different names).
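
Why both steps are needed, as an added example that is not SiteMinder code: a simplified Python model in which an HMAC stands in for the key-protected session cookie. The `PolicyServer` class, the directory names, the keys and the user are all constructed for illustration.

```python
import hashlib
import hmac
import json


class PolicyServer:
    """Simplified stand-in for one environment; not SiteMinder's token format."""

    def __init__(self, key, directories, validation_map=None):
        self.key = key                              # session key from the key store
        self.directories = directories              # {directory name: set of users}
        self.validation_map = validation_map or {}  # {issuer's dir name: local dir name}

    def _mac(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def login(self, directory, user):
        """Authenticate against a local directory and issue a session token."""
        if user not in self.directories.get(directory, ()):
            raise PermissionError("authentication failed")
        body = json.dumps({"dir": directory, "user": user}).encode()
        return body.hex() + "." + self._mac(body).decode()

    def validate(self, token):
        """Return (accepted, reason) for a token from either environment."""
        body_hex, _, mac = token.partition(".")
        try:
            body = bytes.fromhex(body_hex)
        except ValueError:
            return False, "malformed token"
        if not hmac.compare_digest(mac.encode(), self._mac(body)):
            return False, "token was not issued under a shared key"
        claims = json.loads(body)
        local_dir = self.validation_map.get(claims["dir"], claims["dir"])
        if claims["user"] not in self.directories.get(local_dir, ()):
            return False, "no validation directory for " + claims["dir"]
        return True, claims["user"] + " validated in " + local_dir


def demo():
    """Constructed data: an R12-issued token checked by three R6 configurations."""
    shared, other = b"constructed-shared-key", b"constructed-other-key"
    r12 = PolicyServer(shared, {"ExtUsers-R12": {"alice"}})
    token = r12.login("ExtUsers-R12", "alice")
    r6_dir = {"ExtUsers-R6": {"alice"}}
    own_keys = PolicyServer(other, r6_dir)
    no_mapping = PolicyServer(shared, r6_dir)
    configured = PolicyServer(shared, r6_dir, {"ExtUsers-R12": "ExtUsers-R6"})
    return [ps.validate(token) for ps in (own_keys, no_mapping, configured)]
```

In this model, only the R6 server that has both the shared key and the directory mapping accepts the R12 token; SSO in the other direction needs the mirror-image entry in the R12 server's `validation_map`.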

Environment

Release:
Component: SMPLC