Policy Server Guides › Policy Server Configuration Guide › CA SSO/WAC Integration › Configure Single Sign-On from CA SSO to SiteMinder

Configure Single Sign-On from CA SSO to SiteMinder

SiteMinder provides single sign-on from CA SSO to SiteMinder.

To enable single sign-on from CA SSO to SiteMinder

SiteMinder Policy Server Configuration Steps

1. Configure the smauthetsso custom authentication scheme using the Administrative UI.
2. Create a domain, realm, and rules using the Administrative UI to protect any resource with the SiteMinder Web Agent.

   For more information, see Domains, Grouping Resources in Realms, or Rules.

3. Configure the smauthetsso custom authentication scheme to protect a resource.

WAC Web Agent Verification Steps

1. Configure the domain in the WAC Web Agent's webagent.ini file by setting DomainCookie=<domain>.

   Note: The value you specify for the domain must be the same for the CA SSO and SiteMinder Web Agents. The file is installed on the WAC Web Agent machine at C:\Program Files\CA\WebAccessControl\WebAgent\webagent.ini

2. Verify the following Web server and the authentication method settings in the webagent.ini file:
   • The "Authentication methods" and "The default authentication method" parameters should be configured as SSO.
   • The WebServerName, PrimaryWebServerName, AgentName, NTLMPath and Secure should point to the machine where SSO Web Access Control is installed.
   • The ServerName attribute should point to the IP Address of the machine where the CA SSO Policy Server is installed.
   • For more information about configuring the WAC Web Agent, see the CA SSO documentation.

   Note: For more information about configuring the WAC Web Agent, see the WAC documentation.

SiteMinder Web Agent or Secure Proxy Server Configuration Steps:

1. Enable the SSO plug-in installed with the Web Agent or Secure Proxy Server, so that SSO Client cookies can be authenticated, by removing the comment character (#) from the following line in the WebAgent.conf file:

   #LoadPlugin=path_to_eTSSOPlugin.dll | path_to_libetssoplugin.so

   Note: The WebAgent.conf file is located as follows:

   • r12.0 SP2 IIS 6.0 or Apache 2.0 Web Agent

     See the Web Agent Configuration Guide.

   • 6.0 Secure Proxy Server

     SPS_install_dir\proxy-engine\conf\defaultagent\

     SPS_install_dir

     Secure Proxy Server installation directory

2. Restart the Policy Server.

Overall Verification Steps

1. Restart the WAC Web Agent, SiteMinder Policy Server, and Web server hosting the Administrative UI.
2. Access a resource protected by the WAC Web Agent and provide valid credentials.
3. Access a resource protected by the SiteMinder Web Agent in the same browser.

   You should be able to access the resource without being rechallenged by SiteMinder.