Integrating with CA SiteMinder › How to Set Up Web Single Sign-on

How to Set Up Web Single Sign-on

By default, CA Service Catalog uses CA EEM to authenticate users’ requests. However, you can optionally use CA SiteMinder to provide web based single sign-on (SSO) and enhanced authentication to CA Service Catalog users; for conceptual details, see Authentication with CA SiteMinder. To implement web based (SSO) and enhanced authentication to CA Service Catalog users, complete the following tasks:

1. Install and configure CA SiteMinder, including its Policy Server and CA SiteMinder Web Agent.

   For instructions, see your CA SiteMinder documentation.

2. Redirect authentication requests from your web server to Tomcat. Here, your web server (such as Apache or Microsoft Internet Information Server [IIS]) has the CA SiteMinder web agent installed.

   For instructions, see your web server documentation.

3. In the eTrust SiteMinder Administration GUI, configure CA SiteMinder to protect CA Service Catalog resources by performing the following tasks. For instructions, see your CA SiteMinder documentation.
   1. Open the policy server UI.
   2. Create an agent object for CA Service Catalog; do not check support 4.x Agents”
   3. Create an agent configuration object for the agent you just created.
   4. Create a host configuration object.
   5. Optionally, create an authentication scheme.
   6. Create a realm and a rule with the resource filter as usm/*.
   7. Create a CA Service Catalog domain and add the user directories, administrator, and realm to the domain.
   8. Create a policy and add the rule that you just created to the policy.
4. Configure Catalog Component to accept single sign-on from CA SiteMinder, as explained in Accept Web Single Sign-on.
5. In the Administration, Configuration section of the CA Service Catalog GUI, configure the external authentication parameters to match CA SiteMinder; for details, see the Implementation Guide.