Configure Single Sign-On from CA SSO Client to SiteMinder

Policy Server Guides › Policy Design Guide › CA SSO/WAC Integration › Configure Single Sign-On from CA SSO Client to SiteMinder

Site Minder provides single sign-on from the CA SSO Client to SiteMinder.

To enable single sign-on from a CA SSO Client to SiteMinder:

Policy Server Configuration Steps

Configure the smauthetsso custom authentication scheme using the Policy Server User Interface.
Create a domain, realm, and rules using the Policy Server User Interface to protect any resource with the SiteMinder Web Agent.
Configure the smauthetsso custom authentication scheme to protect a resource.
Create a policy that grants access to the protected resource to users who already have access the browser protected by the CA SSO Client.

CA SSO Client Verification Steps

In the CA SSO Client’s SsoClnt.ini file, set the following:

DomainNameServer=<eSSO_WA_FQDN> <SM_WA_FQDN>

<eSSO_WA_FQDN>: (Optional) Specifies the CA WAC Web Agent’s fully qualified domain name
<SM_WA_FQDN>: Specifies the SiteMinder Web Agent’s fully qualified domain name.

Example:

DomainNameServer=http://abc.mycompany.com http://xyz.mycompany.com

The SsoClnt.ini file is installed in the following location on the CA SSO Client machine:

C:\Program Files\CA\CA SSO\Client

Note: For more information about configuring the CA SSO Client, see the CA SSO documentation.

Overall Verification Steps

Restart the CA SSO Client, SiteMinder Policy Server, and Web server hosting the Policy Server User Interface.
Access the protected browser through the SSO Client and enter the URL of the resource protected by the SiteMinder Policy Server.
You should be able to access the resource without being rechallenged by SiteMinder.

More information: