Use of Secure Proxy Server to implement a Federation flow with SAML 2
Article ID: 97695
CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
We need to configure Single Sign-On initiated from the IdP or SP between the latest version of CA Single Sign On (12.7, as IdP) and our actual infrastructure, which uses CA SiteMinder 12.52 SP1 (as SP).
We'd like to know:
1. Is Web Agent Option Pack included in your license for CA SiteMinder 12.52?
2. Is CA Access Gateway (SPS) included in your license for CA SiteMinder 12.52?
3. Is it mandatory/best practice to install the SPS on a dedicated server, or is it possible to install it on the same server as a Policy Server?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP Component:
First, note that the latest version of CA Single Sign-On (SiteMinder) is 12.8.
Here are the answers to your questions:
1. A quick way to check whether your license covers downloading and using the Web Agent Option Pack and CA Access Gateway (SPS) is to try to download them:
Moreover, hosting the Policy Server on the same machine as the CA Access Gateway might raise security concerns. As a best practice, the Policy Server should be isolated from Internet access, because it holds the company's security data.
The main advantage of using SPS is that you get an all-in-one Federation component. SPS is also available in the latest version, 12.8, which includes Session Linker and all the new Federation functionality, such as OpenID Connect and others.
Further reading:
Using CA Access Gateway as a Web Agent Replacement https://communities.ca.com/message/242035604-using-ca-access-gateway-as-a-web-agent-replacement
Web Agent Option pack to SPS plans, approches https://communities.ca.com/message/242107049-re-web-agent-option-pack-to-sps-plans-approches?commentID=242107049#comment-242107049