What is OAuth functionality in CA SSO R12.7

Article Id: 74964

Status: Published

Updated On: 28-03-2018 10:57

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On

Issue/Introduction:

OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by Social Network companies typically to permit the users to share information about their accounts with third party applications or websites.

What features are available with R12.7 CA SSO for Oauth?

Environment:

R12.7 CA SSO
Oauth Provider

Resolution:

1*) First of all, to name OAuth related specific features, in summary, that are supported in R12.51x, R12.52x, R12.6x and R12.7x:

Expanded OAuth RP support expands the ability to configure CA Single Sign-On to validate OAuth tokens provided by LinkedIn, Microsoft Live and Twitter.

OAuth Relying Party (RP) support provides the ability to configure CA Single Sign-On to validate OAuth tokens provided by Google and Facebook.

Attribute persistence allows CA Single Sign-On to maintain user attributes from SAML assertions or OAuth tokens in the session store, so that they can be used for authorization decisions throughout the user’s session.

Just-in-time provisioning interface for OAuth identities enables organizations to more quickly support new users needing access to RP-side applications.

So. we do support OAuth in many different product functions, from R12.51, 52, 12.6 and R12.7.

2*) A related question also might come up as – “What are the OAuth related business requirements, and can we meet those with the functionality provided in R12.7 CA SSO (or combined with any other CA products)?” CA can help customize beyond what is provided by the released product.

3*) Here are some OAuth links from the CA SSO R12.7 product document.

https://docops.ca.com/ca-single-sign-on/12-7/en/using/administrative-ui/federation-partnerships-reference/single-sign-on-dialog-oauth

https://docops.ca.com/ca-single-sign-on/12-7/en/using/administrative-ui/federation-partnerships-reference/user-identification-dialog-oauth

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/partnership-federation/configure-social-sign-on

https://docops.ca.com/ca-single-sign-on/12-7/en/using/administrative-ui/federation-partnerships-reference/configure-partnership-dialog-oauth

4*) In addition, CA’s APIM (i.e. API Management f.k.a. Layer 7) product supports Mobile Single Sign On and OAuth. APIM offers a complete end‐to‐end, standards‐based and proven security solution for mobile SSO. This solution uses OAuth 2.0, OpenID Connect, JWT and PKI standards. Communication is secured through APIM’s Mobile Access Gateway via mutual Secure Socket Layer configuration.

Here’s some info on CA API OAuth Toolkit.
https://docops.ca.com/ca-api-management-oauth-toolkit/3-6/en/ca-api-gateway-oauth-toolkit

Additional Information:

Please refer to R12.7 CA SSO and CA APIM product documentation for additional details.