Policy Server Guides › Policy Design Guide › CA SSO/WAC Integration › Configure Single Sign-On from CA SSO to SiteMinder

Configure Single Sign-On from CA SSO to SiteMinder

SiteMinder provides single sign-on from CA SSO to SiteMinder.

To enable single sign-on from CA SSO to SiteMinder

Policy Server Configuration Steps

1. Configure the smauthetsso custom authentication scheme using the Policy Server User Interface.
2. Create a domain, realm, and rules using the Policy Server User Interface to protect any resource with the SiteMinder Web Agent.

   For more information, see Domains, Grouping Resources in Realms, or Rules.

3. Configure the smauthetsso custom authentication scheme to protect a resource.

CA WAC Web Agent Verification Steps

1. Configure the domain in the CA WAC Web Agent’s webagent.ini file by setting the following parameter:

   DomainCookie=<domain>

   where <domain> is the same domain (for example, test.com) for the CA SSO and SiteMinder Web Agents.

   The file is installed in the following location on the CA WAC Web Agent machine:

   C:\Program Files\CA\CAWebAccessControl\WebAgent\webagent.ini

2. Verify the following Web server and authentication method settings in the webagent.ini file:
   • The "Authentication methods" and "The default authentication method" parameters should be configured as SSO.
   • The WebServerName, PrimaryWebServerName, AgentName, NTLMPath and Secure should point to the machine where CA SSO Web Access Control is installed.
   • The ServerName attribute should point to the IP Address of the machine where the CA SSO Policy Server is installed.
   • For more information about configuring the CA WAC Web Agent, see the CA SSO documentation.

Note: For more information about configuring the CA WAC Web Agent, see the CA WAC documentation.

Web Agent or Secure Proxy Server Configuration Steps

1. Enable the SSO plug-in installed with the Web Agent or Secure Proxy Server, so that SSO Client cookies can be authenticated, by removing the comment character (#) from the following line in the WebAgent.conf file:

   #LoadPlugin=path_to_eTSSOPlugin.dll | path_to_libetssoplugin.so

   Note: The WebAgent.conf file is located as follows:

   6.x QMR 4 IIS 6.0 or Apache 2.0 Web Agent

   See the Web Agent Configuration Guide.

   6.0 Secure Proxy Server

   SPS_install_dir\proxy-engine\conf\defaultagent\

   SPS_install_dir

   Secure Proxy Server installation directory

2. Restart the Policy Server.

Overall Verification Steps

1. Restart the CA WAC Web Agent, SiteMinder Policy Server, and Web server hosting the Policy Server User Interface.
2. Access a resource protected by the CA WAC Web Agent and provide valid credentials.
3. Access a resource protected by the SiteMinder Web Agent in the same browser.

   You should be able to access the resource without being rechallenged by SiteMinder.

More information:

Configure an smauthetsso Custom Authentication Scheme