Policy Server Guides › Policy Server Configuration Guide › CA SSO/WAC Integration › Configure Single Sign-On from SiteMinder to CA SSO

Configure Single Sign-On from SiteMinder to CA SSO

The product provides single sign-on to CA SSO environments.

To enable single sign-on from CA SiteMinder® to CA SSO using a CA SiteMinder® Web Agent or CA SiteMinder® SPS

Enable the CA SiteMinder® SSO Plug-in that is installed with the agent or CA SiteMinder® SPS:

For the Apache 2.0 Web Agent

• Remove the comment (#) character from one of the following lines in the WebAgent.conf file:
  • (Windows operating environments) #LoadPlugin=Path_to_eTSSOPlugin.dll_file
  • (UNIX or Linux operating environments) #LoadPlugin=Path_to_libetssoplugin.so_file

Note: Restart the web server after you modify the WebAgent.conf file so the new configuration settings take effect.

For the 6.0 CA SiteMinder® SPS

• Remove the comment (#) character from the following line in the WebAgent.conf file, which is located in <SPS_install_dir>\proxy-engine\conf\defaultagent\WebAgent.conf:

  #LoadPlugin=<Path to eTSSOPlugin.dll or libetssoplugin.so>

Note: Restart the CA SiteMinder® SPS after you modify the WebAgent.conf file so the new configuration settings take effect.

Follow these steps:

1. Configure the domain in the webagent.ini file of the WAC Web Agent by setting the following parameter:

   DomainCookie=<domain>

   where <domain> is the same domain (for example, test.com) for the CA SSO and CA SiteMinder® Web Agents.

   The file is installed in the following location on the WAC Web Agent computer:

   C:\Program Files\CA\WebAccessControl\WebAgent\webagent.ini

2. Verify the following web server and the authentication method settings in the webagent.ini file:
   • Configure the "Authentication methods" and the "Default authentication method" as SSO.
   • The WebServerName, PrimaryWebServerName, AgentName, NTLMPath, and Secure point to the computer where CA SSO Web Access Control is installed.
   • The ServerName attribute points to the IP Address of the computer where the CA SSO Policy Server is installed.

CA SSO Policy Manager Verification Steps

1. Ensure that the CA SiteMinder® and CA SSO Policy Servers use the same user or authentication store.
2. Verify the following settings:
   • An SSO administrator name and password. The CA SiteMinder® Policy Server uses the administrator name and password when authenticating to the CA SSO Policy Server through the smauthetsso authentication scheme.
   • The SSO ticket encryption key. The active response of the smetssocookie in the Policy Server requires the key.

CA SiteMinder® Policy Server Configuration Steps

1. Create a Web Agent, Agent Configuration Object, and Host Configuration Object using the Administrative UI.
2. Configure the CA SiteMinder® and CA SSO Policy Servers for the same user or authentication store.
3. Configure a smetssocookie (certificate) custom active response.
4. Create a domain, realm, and rules using the Administrative UI. Protect any resource with the CA SiteMinder® Web Agent.

   Note: When creating the rules, append the smetssocookie custom active response to them.

Overall Verification Steps

1. Configure the user with credentials to access resources that are protected by the CA SiteMinder® Web Agent and the WAC Web Agent.
2. Restart the CA SiteMinder® Policy Server and Web server hosting the Administrative UI.
3. Access the resource that is protected by the CA SiteMinder® Web Agent and provide this Web Agent with the appropriate user credentials.
4. In the same browser session, request a resource that is protected by the WAC Web Agent.

   Access to this resource should be granted without being prompted for credentials.

More information:

WebAgent.conf File Locations

Realms

Rules

Domains