Set Up CA SiteMinder to Support Single Sign-On with Community Manager

Learn how to set up CA SiteMinder and create login for Community Manager.

Using Admin Console CA SiteMinder Use Cases

Integrate CA SiteMinder with Policy Manager (Main Topic)

Table of Contents

  1. Introduction
  2. Setup CA SiteMinder Login for Enterprise API Platform
  3. Complete Integrate CA SiteMinder with Policy Manager 7.x Steps
  4. Setup OAuth Provider Domain to use CA SiteMinder in Community Manager

Introduction

SOA Software Enterprise API Platform (i.e., Community Manager) uses CA SiteMinder facilities in two ways:

  • To authenticate credentials and SSO tokens for the CA SiteMinder Identity System defined in SOA Software Policy Manager.
  • To perform a CA SiteMinder managed login process when connecting to the Enterprise API Platform portal (i.e., Community Manager) or when issuing an OAuth/OpenID access token.

Note: Community Manager must be installed and configured prior to performing these configuration tasks.

Setup CA SiteMinder Login for Enterprise API Platform

Customers who are integrating with other SOA Software Products (e.g., SOA Software Enterprise API Platform) must create a global on/off accept rule for agents. Many of the properties defined in this section are referenced when you configure the CA SiteMinder Identity System in Policy Manager, and enable Single Sign-On functionality with other SOA Software products.

The setup process isĀ  accomplished by performing the following configuration tasks in CA SiteMinder:

  • Define a domain for access control
  • Define an authentication realm
  • Define global policies
  • Protect login redirect page

Step 1: Define Domain for Enterprise API Platform Access Control

The domain contains all the access control definitions that SOA Software Enterprise API Platform will use When the CA SiteMinder Identity System is defined in Policy Manager, the Identity System is associated with the Domain.

When you check "Global Policies Apply," this enables responses to be processed from authentication requests in the Domain. In addition, checking this option adds the CA SiteMinder resource to the Admin > Domains section of the Enterprise API Platform portal so it is available for selection when you define an OAuth Provider.
  1. Launch the CA SiteMinder "Domain Dialog" and create a new CA SiteMinder Domain.
  2. Verify that the "Global Policies Apply" checkbox is checked.


    SiteMinder Domain Dialog - SiteMinder Domain Dialog

Step 2: Define SOA Authentication Realm

SOA Software Enterprise API Platform uses a common, bare Realm to authenticate all credentials and SSO tokens under the CA SiteMinder Identity System.

  1. Define a Realm using the Basic Authentication Scheme.


    SiteMinder Domain Dialog - SiteMinder Realm Dialog

Step 3: Define the Global Policies for Community Manager

Global Policies must be defined to allow user information to be extracted from LDAP and passed into SOA Software Enterprise API Platform. This is to allow Enterprise API Platform to know the name and email address of the user logging into Enterprise API Platform using CA SiteMinder.

  1. Define a Global Rule as follows:


    SiteMinder Domain Dialog - SiteMinder Global Rule Dialog

  2. The next step is to configure a Global Response Object. The Global Response Object facilitates the login to the Enterprise API Platform via CA SiteMinder. The purpose of the Global Response Object is to get information from the CA SiteMinder controlled User Directory into the Enterprise API Platform.

    Define Global Responses as follows (customer’s LDAP attributes may be different).


    SiteMinder Domain Dialog - SiteMinder Global Response Dialog

  3. Define a Global Policy as follows:


    SiteMinder Domain Dialog - SiteMinder Global Policy Dialog

Step 4: Protect the Community Manager Login Redirect Page

SOA’s SiteMinder Security Provider feature includes a small HTML page that will redirect a browser to a specified URL. This page must be loaded onto the customer’s web site and placed under protection of the customer’s SiteMinder Web Agent. After the page is loaded, perform the following steps to protect it.

  1. Define a new Realm if necessary. (Some customers will already have appropriate Realms defined).


    SiteMinder Domain Dialog - SiteMinder Realm Dialog

  2. Define a Rule under the Realm:


    SiteMinder Domain Dialog - SiteMinder Rule Dialog

  3. Define a Policy to protect the redirection page and on the Rules tab:


    SiteMinder Domain Dialog - SiteMinder Policy Dialog


    SiteMinder Domain Dialog - SiteMinder Policy Dialog

back to top

Complete Integrate CA SiteMinder with Policy Manager 7.x Steps

Complete steps 1-6 outlined in Integrate CA SiteMinder with Policy Manager 7.x. For Step 6, use the Configure CA SiteMinder Identity System in Policy Manager (Integrate Other SOA Software Products).

back to top

Setup OAuth Provider Domain to use CA SiteMinder in Community Manager

The final step in the process is to install the OAuth Provider features to the Community Manager container, launch the SOA Software Enterprise API Platform portal (i.e., Community Manager) and enable the domain in the Site Administrator > Config > Logins section of the platform or select it as a Resource Owner Authentication Domain when defining an OAuth Provider.

for more information, refer to Domains (developer portal help).

back to top