How to log in to Identity Portal via SSO with Radius Authentication Scheme.

Document ID:  TEC1091839
Last Modified Date:  07/07/2017

Products

  • CA Identity Suite

Releases

  • CA Identity Suite:Release:14.0 SP1
  • CA Identity Suite:Release:14.0

Components

  • SIGMA-Identity Suite:SIGMA
Introduction:

The customer needs to use the Radius Authentication Scheme instead of HTML Form with SSO (also known as CA SiteMinder).

The CA Identity Suite documentation guides the customer to switch the CA SSO Authentication Scheme Type to HTML Form Template.

How can this customer request be achieved?

 

Background:

The documentation states:

Switch the CA SSO Authentication Scheme Type to HTML Form Template :

 https://docops.ca.com/ca-identity-suite/14-0/EN/ca-identity-suite-virtual-appliance/integrating-ca-identity-manager-with-ca-single-sign-on-using-ca-identity-suite-virtual-appliance#IntegratingCAIdentityManagerwithCASingleSign-OnusingCAIdentitySuiteVirtualAppliance-SwitchtheCASSOAuthenticationSchemeTypetoHTMLFormTemplate

 

Vapp 14.0.x is Working as Designed. 

Identity Portal uses the WildFly built-in security to allow access to the Portal Admin UI.

When basic auth credentials are sent to the Portal WildFly, the application server will always try to validate these credentials against its internal file-based user repository (where only the Portal Admin user is configured).

This behavior cannot be changed in the Portal.

Environment:
CA SSO 12.52 SP2 in Windows Server 2012R2 CA SSO WebAgent 12.52SP1 Apache Web Server
Instructions:

To support the customer’s requirement of allowing end users to log in to the Identity Portal via SSO with Radius Authentication (with a basic authentication popup in a web browser), there is a workaround:

 

Set up a “Portal Radius Redirect page” on the SSO WebAgent and direct end users to browse to it (the page will automatically redirect users to the Portal after a successful login with Radius).

This redirect page will receive the basic auth headers, ignore them, and redirect the user to the Portal page, this time without the headers.

 

You will need to involve an SSO Administrator to accomplish this configuration.

Here are the highlights of a setup used to achieve this: 

 

1. Under the SSO domain protecting the Portal realm define a new Realm (/Radius) for Radius authentication. 

 

2. Update Portal Domain Policy to have a new rule for the Radius Realm. 

 

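3. Create an HTML page to act as an auto redirect (portal.html). You will need to change the redirect URLs to fit your environment; the example contains the Portal URL in three places (the meta refresh, the script and the fallback link).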

 

Example : 

 

<!DOCTYPE HTML>
<html lang="en-US">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="refresh" content="1; url=https://sso126.ca.com/sigma/">
  <script type="text/javascript">
    window.location.href= "https://sso126.ca.com/sigma/"
  </script>
  <title>Page Redirection</title>
</head>
<body>
  <!-- Note: link to Identity Portal.-->
  Radius Authentication Success - Redirecting to Identity Portal
  If you are not Redirected Automatically, follow this <a href='https://sso126.ca.com/sigma/'>Identity Portal</a>.
</body>
</html>
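Step 3 means adapting the Portal URL in three places in portal.html. The following check is an added example, not part of the original article or of any CA tooling: it parses a redirect page and reports every target that differs from the expected Portal URL, is not HTTPS, or embeds credentials. The host portal.example.test, the sample page and the function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a portal.html where the fallback link was not updated.
# portal.example.test is a placeholder host, not a value from the article.
SAMPLE = """<head><meta http-equiv="refresh" content="1; url=https://portal.example.test/sigma/">
<script>window.location.href= "https://portal.example.test/sigma/"</script></head>
<body>follow this <a href='https://sso126.ca.com/sigma/'>Identity Portal</a>.</body>"""

class RedirectTargets(HTMLParser):
    """Collect every URL the page can send the browser to."""
    def __init__(self):
        super().__init__()
        self.targets, self.in_script = [], False   # targets: (source, url)

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(("meta refresh", m.group(1).strip("'\"")))
        elif tag == "a" and a.get("href"):
            self.targets.append(("anchor", a["href"]))
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:   # assignments to window.location / location.href
            for url in re.findall(r"location(?:\.href)?\s*=\s*[\"']([^\"']+)", data):
                self.targets.append(("script", url))

def check_redirect_page(html, expected_url):
    """Return findings; an empty list means every target is expected_url."""
    parser = RedirectTargets()
    parser.feed(html)
    findings = [] if parser.targets else ["no redirect target found"]
    for source, url in parser.targets:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{source}: not https: {url}")
        if parts.username or parts.password:
            findings.append(f"{source}: credentials embedded in URL")
        if url != expected_url:
            findings.append(f"{source}: {url} != {expected_url}")
    return findings
```

Calling check_redirect_page(SAMPLE, "https://portal.example.test/sigma/") returns a single finding for the anchor that still points at the article's example host.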

 

 

Additional Information:
