

Authorization REST Interface

The REST interface for authorization is http://hostname:port/authazws/AuthRestService/authz/appID/Resource. The request has the following format:

<authorizationRequest>
<action>POST</action>
<resource>RealmA/index.html</resource>
<sessionToken>affl;;alkf;l;fd</sessionToken>
</authorizationRequest>

HTTP return code 200:

<authorizationResult>
<message>The user is authorized.</message>
<resultCode>AUTHORIZED</resultCode>
</authorizationResult>
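
Added example (not part of the CA documentation): a client-side sketch that builds the request body shown above with proper XML escaping and treats the response as a deny unless it is HTTP 200 with resultCode AUTHORIZED. The function names and sample values are assumptions made for illustration; the HTTP transport is left to the caller.

```python
import xml.etree.ElementTree as ET


def build_authorization_request(action, resource, session_token):
    """Serialize the <authorizationRequest> body in the format shown above.

    ElementTree escapes &, < and > in the values, so a resource or token
    that contains markup cannot add or close elements in the request.
    """
    root = ET.Element("authorizationRequest")
    for tag, value in (("action", action),
                       ("resource", resource),
                       ("sessionToken", session_token)):
        ET.SubElement(root, tag).text = value
    return ET.tostring(root, encoding="utf-8")


def is_authorized(http_status, body):
    """Return True only for HTTP 200 carrying resultCode AUTHORIZED.

    body is the raw response as bytes. Any other outcome (different status,
    DTD present, unparsable XML, unexpected root element, missing or
    different resultCode) is treated as a deny.
    """
    if http_status != 200:
        return False
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return False  # the result format needs no DTD; refuse entity content
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    if root.tag != "authorizationResult":
        return False
    code = root.findtext("resultCode")
    return code is not None and code.strip() == "AUTHORIZED"


# Constructed sample response, mirroring the result shown on this page.
SAMPLE_RESULT = (b"<authorizationResult>"
                 b"<message>The user is authorized.</message>"
                 b"<resultCode>AUTHORIZED</resultCode>"
                 b"</authorizationResult>")

if __name__ == "__main__":
    # Constructed session token; a real one comes from the login step.
    print(build_authorization_request(
        "POST", "RealmA/index.html", "constructed-session-token").decode())
    print(is_authorized(200, SAMPLE_RESULT))
```

The decision keys on resultCode rather than on the message text, and the request carries the session token in the body, so the endpoint should be reached over a protected channel.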

Security Token Service

CA SiteMinder® SPS supports Secure Token Service (STS) to provide a WS-Trust-based mechanism for token issuance and translation. You can deploy one or multiple STS instances on a CA SiteMinder® SPS machine.

Deploy Multiple SPS Instances

To deploy multiple STS instances, all the STS instances must have the same log4j configuration so that each STS instance writes to its own log file.

Follow these steps:

  1. Perform one of the following tasks:
  2. Navigate to installation_home/proxy-engine/conf/sts-config/globalconfig.
  3. Open the agent-multiinstance-log4j.xml file.
  4. Perform the following steps for each STS instance:
    1. Create an appender for the STS instance.

      Note: By default, the file contains one appender for an STS instance.

    2. Replace [SPS ROOT FOLDER] with the CA SiteMinder® SPS root folder path in the appender.
    3. Replace [STS Service Name] with the service name of the STS instance in the appender.
  5. Save the changes.
  6. Restart CA SiteMinder® SPS.

    A log file for each STS instance is created in installation_home/proxy-engine/logs with the following format:

    STS_service_name.log
    
  7. Verify that each STS instance writes to its own log file.