Offline operation for SSO application

book

Article ID: 51147

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Single Sign-On applications in offline mode. How to use an application when you cannot connect to the SSO server.

Solution:

Q. What is Offline Operation?

A . Offline operation is when you like to run certain application without network connectivity. Offline operation lets the user log onto SSO and launch SSO-enabled applications, when the SSO Client cannot connect to the SSO Server.

Q. When do you use offline operation?

A. Offline application is marked to be used offline when you have no connectivity to the SSO server, so the user could continue with his/her daily operation without being interrupted.

Q. How does offline application work?

A. Once the application is marked for offline, the first time and every time you logon to the SSO Client, it copies all the necessary data from the server on to the client machine (ex: scripts, encrypted password..etc) and once you can't connect to the SSO server it uses that data to log you on to any of the application and let you know normally.

To enable (or disable) offline operation

  • Open the Client.ini file.

  • By default this is installed in the following location:

    • C:\Program Files\CA\eTrust SSO\Client\cfg

  • Find the [OfflineOperation] section.

    • Edit the following value:

    • Enabled

    • Defines whether you want to enable Offline Operation. This lets users connect to SSO when the SSO Client cannot establish connection to the SSO Sever and/or the authentication agent.

    • Value: [yes|no]

    • Default: yes

  • Save the Client.ini file.

Note: If modified on a local machine, we recommend that you shut down the SSO Client (including SSO Tools, SSO Status Icon and SSO Launchbar) before you make any changes to the configuration files. If you do not shut down the SSO Client, you must restart it for changes to take effect.

Mark an Application for Offline Use

You can mark any SSO-enabled application for offline use. This means that the user can log on to this application while the SSO Client is unable to connect to the SSO Server or authentication agent. You will need to modify your script to run in offline mode as well, if it requires resources from the server while it is unavailable the offline operation will fail.

To mark an application for offline use

  1. Open the Policy Manager.

  2. Navigate to Application Resources, Application.

  3. Double-click the application you want to mark for offline use.

  4. Select the Attributes icon.

  5. Select the Available Offline check box.

    <Please see attached file for image>

    Figure 1

Once you have completed these steps, please test the result by first logging into the SSO client while the server is available.
Logoff and log back in again with the server not available, it will prompt you letting you know that the SSO server is not available.

Now you should be able to see those applications that were set for offline use.
Click on the application and run them to see if there are any issues.

Now you have completed the offline application configurations.

Environment

Release: SOASA199000-12.1-SOA Security Manager-w/ SOA Agent Addl CPUs
Component:

Attachments

1558722993487000051147_sktwi1f5rjvs16wor.gif get_app