Policy Server Guides › Policy Server Configuration Guide › CA SSO/WAC Integration › Configure Single Sign-On from CA SSO to SiteMinder

Configure Single Sign-On from CA SSO to SiteMinder

CA SiteMinder® provides single sign-on from CA SSO to the product.

Follow these steps:

Policy Server Configuration Steps

1. Configure the smauthetsso custom authentication scheme using the Administrative UI.
2. Create a domain, realm, and rules. Protect any resource with the Web Agent.
3. Configure the smauthetsso custom authentication scheme for the protected resource.

WAC Web Agent Verification Steps

1. Configure the domain in the webagent.ini file of the WAC Web Agent by setting DomainCookie=<domain>.

   Note: The Domain value must be the same for the CA SSO and CA SiteMinder® Web Agents. The file is installed on the WAC Web Agent computer at C:\Program Files\CA\WebAccessControl\WebAgent\webagent.ini

2. Verify the following web server and the authentication method settings in the webagent.ini file:
   • Configure the "Authentication methods" and "The default authentication method" parameters to SSO.
   • The WebServerName, PrimaryWebServerName, AgentName, NTLMPath, and Secure must point to the computer where SSO Web Access Control is installed.
   • Point the ServerName attribute to the IP Address of the computer where the CA SSO Policy Server is installed.
   • For more information about configuring the WAC Web Agent, see the CA SSO documentation.

CA SiteMinder® Web Agent or CA SiteMinder® SPS Configuration Steps:

1. Enable the SSO plug-in that is installed with the Web Agent or CA SiteMinder® SPS. This plug‑in authenticates the SSO Client cookies. Remove the comment character (#) from the following line in the WebAgent.conf file:

   #LoadPlugin=path_to_eTSSOPlugin.dll | path_to_libetssoplugin.so

   Note: The WebAgent.conf file is located as follows:

   Apache 2.0 Web Agent

   6.0 CA SiteMinder® SPS

   SPS_install_dir\proxy-engine\conf\defaultagent\

   SPS_install_dir

   CA SiteMinder® SPS installation directory

2. Restart the Policy Server.

Overall Verification Steps

1. Restart the WAC Web Agent, the Policy Server, and the web server hosting the Administrative UI.
2. Access a resource that the WAC Web Agent protects. Provide valid credentials.
3. Using the same browser, access a resource that the Web Agent protects in the same browser.

   The resource appears without a challenge for credentials.