SAML 2.0 Support in Single Sign-On

CA Single Sign-On supports authentication with Security Assertion Markup Language (SAML), version 2.0. A Single Sign-On service can accept and decode SAML 2.0 tokens and can present them to authentication agents that conform to the SAML standard.

Single Sign-On support for SAML 2.0 includes support for single logout. With this support, a user who is logged in to multiple user interfaces can log out of all of them simultaneously. For example, a user who logs in to CA Performance Center and later drills down into flow data in CA Network Flow Analysis can log out of one interface and be logged out of the other interface automatically.

Single Sign-On uses a standards-based SAML 2.0 library. As a result, it potentially supports many more products that rely on the SAML 2.0 standards. However, the following CA products are the only Identity Providers that we have tested with CA Single Sign-On:

In a SAML environment, you can select from multiple authentication methods. CA Performance Center users can log in using the typical ('Product') authentication method in Single Sign-On, or they can use a SAML token. The Product method is enabled by default for all active user accounts. Users access the CA Performance Center user interface using the standard URL for CA Single Sign-On.

To let users authenticate using SAML 2.0, the administrator must change some Single Sign-On settings using the Configuration Tool. The administrator must also enable External Authentication for all user accounts, and for all registered data sources that support SAML 2.0.

Not all CA data source products support SAML 2.0. If you configure SAML 2.0 for external authentication in Single Sign-On and register a data source that lacks SAML support, CA Performance Center users must reauthenticate when they drill down into that data source.