CA SINGLE SIGN-ON
SmWalker for CA Single Sign-On
SmWalker for CA Single Sign-On is a general purpose scripting language that with the appropriate user written scripts can perform many useful functions that involve searching, reading and writing user store data from an LDAP directory. It can be used as Active Response, Active Rule and active Policy.
SmWalker for CA Single Sign-On can also be used as an Authentication Scheme wedge that is inserted between the CA SSO Authentication service and an out-of-the-box authentication scheme.
Advanced Certificate Authentication for CA Single Sign-On
Advanced Certificate Authentication for CA Single Sign-On enables customers to specify LDAP search filters to map data from their certificates to data in their user store in order to determine which account in the user store to associate with the session being authenticated.
Logon Web Service for CA Single Sign-On
Logon Web Service for CA Single Sign-On is a Web Application implementing the CA Single Sign-On authentication and authorization operations as a web service.
Impersonation for CA Single Sign-On
Impersonation for CA Single Sign-On extends the functionality of CA Single Sign-On to enable one set of users to ‘impersonate’ another set of users (Customer Service Rep use case, CSR), or to enable a user who has multiple accounts to switch between accounts, without having to re-submit authentication credentials (Persona use case).
Knowledge Based Authentication for CA Single Sign-On
Knowledge Based Authentication for CA Single Sign-On implements a mechanism called StepUp Authentication, which allows users who have authenticated by plain HTML Forms or Basic Auth at a lower security level section of a website to only have to answer their knowledge based question when they later access resources protected at a higher security level by the authentication scheme.
Limit Concurrent Login for CA Single Sign-On
CA Single Sign-On customers may need the ability to limit the number of times that a single user can be “logged into” the system. This prevents a single user from authenticating and accessing their site from two or more different browser instances simultaneously. Since web sessions are connectionless, the session is not necessarily maintained between the browser and web server at all times. This makes it extremely difficult to determine when a session ends and thus to track or limit multiple simultaneous sessions by the same user. Limit Concurrent Login for CA Single Sign-On meets this requirement.
Override Authentication Login for CA Single Sign-On
Many times, customers first implement CA Single Sign-On using simple, user name and password-based authentication schemes. In their initial implementations, it is also common for customers to make use of the SM_USER header variable to identify users to their web applications.
As they expand their site, customers may identify new requirements for authentication that are either not based on SM_USER or contain SM_USER in an undesirable format. Override Authentication for CA SSO solves this problem by providing a mechanism to automatically and securely re-authenticate users with a configurable LoginID value which gets set as the value of SM_USER.
StepUp Authentication Integration for CA Single Sign-On
StepUp Authentication Integration for CA Single Sign-On provides a user friendly way to protect resources with dual authentication schemes, typically combining HTML Forms or IWA authentication for the low security level authentication, and then a stronger authentication mechanism.
Integration for CA Single Sign-On with Entrust® IdentityGuard
EnTrust IdentityGuard is a strong authentication solution. It performs this function very well, but it does not have an authorization function (authentication is verifying who you are, while authorization is verifying whether you are allowed to access a specific resource). CA SSO performs both the authentication and authorization functions. The EnTrust IdentityGuard for CA SSO solution allows customers to utilize the EnTrust IdentityGuard authentication function with the Single Sign-On authorization function.
User Context Gateway for CA Single Sign-On
User Context Gateway for CA Single Sign-On (UCG) provides the capability for password credential storage and replay within a CA Single Sign-On environment. This enables single sign-on integration between CA Single Sign-On and applications which manage their own sessions using a username and password. Applications which support the UCG integration avoid re-challenging the user for their application credentials, instead receiving them securely from the CA Single Sign-On Policy Server.
Integration for CA Single Sign-On with NGiNX
Integration for CA Single Sign-On with NGiNX is designed to secure resources that are front-ended or deployed on NGiNX. This PWP will allow customers to take advantage of the performance gains provided by the NGiNX server without the need to place a proxy in front of the NGiNX servers.
User Session Monitor for CA Single SignOn
User Session Monitor for CA Single Sign-On extends CA SSO’s capabilities by providing a user session monitoring interface for both the end user and administrator. For users, it provides the capability to view their current active sessions from different IP addresses. For administrators, it provides the capability to view users’ current active sessions from different IP addresses and terminate sessions from different IP addresses and the capability to remotely terminate a session for a selected IP address or for a selected user DN.
Integration for CA Single Sign-On with Tomcat
Integration for CA Single Sign-On for Tomcat is designed to provide CA Single Sign-On security features for the Apache Tomcat Servlet container. Unlike other CA SSO Application Server Agents, this Agent provides standard CA SSO Web Agent functionality such as:
URL-Based Authorization and Session Management
XauthRADIUS Integration for CA Single Sign-On
In a typical deployment of CA Single Sign-On for use in an extranet or consumer portal, users have a single login based on a single entry in a centralized user directory, typically LDAP.
To aid in the deployment of CA SSO and simplify the development of custom authentication schemes, the XauthRADIUS Integration for CA SSO provides an authentication scheme that can be used to authenticate through other products via the RADIUS protocol.
Dynamic Assertion Generator Plugin for CA Single Sign-On
Dynamic Assertion Generator Plugin for CA Single Sign-On allows designated sites to send user information along with a request for a SAML assertion. The information is used to dynamically modify the SAML assertion, specifically Name ID and Attributes.
Integration for CA Single Sign-On Identity Asserter with Oracle WebLogic
Integration for CA Single Sign-On Identity Asserter with Oracle WebLogic can establish a user’s identity in Oracle’s Web Logic Server (WLS) based on a token in the HTTP request header space following authentication from an external source. When CA SSO is protecting applications built on WLS, a CA SSO-aware identity asserter is required to propagate the identity of the user established during a CA SSO authentication into WebLogic.
Google reCAPTCHA Integration for CA Single Sign-On
Growing security threats due to automated software attacks led to the evolution of CAPTCHA. Integration of Google reCAPTCHA with CA SSO helps prevent automated software attacks by using a CAPTCHA while letting valid users pass through with ease. This solution enhances CA SSO capabilities and adds an additional layer of security.
Lightweight SSO Ticket Authentication for CA Single Sign-On
The Lightweight SSO Ticket Authentication for CA Single Sign-On seamlessly logs on a user to a Single Sign-On environment when they already have an authenticated session from a “trusted” non-CA SSO environment.
Extended NTLM Authentication for CA Single Sign-On
While CA Single Sign-On has a built-in Windows auth scheme, the scheme expects that user login IDs are unique across all Active Directory (AD) domains that are represented as CA SSO User Directories. If a user’s login ID is not unique then it will be unable to successfully authenticate that user since the disambiguation phase will not map to a single User Directory object. This Packaged Work Product can be used to successfully authenticate users in this use case because it can be configured with a mapping of domain names versus User Directories, and given the user’s domain and login ID as input that can uniquely locate the user’s LDAP entry.
Integration for CA Single Sign-On with Microsoft Windows Web Server Identity
Integration for CA Single Sign-On with Microsoft Windows Web Server Identity (WWSI) enables Integrated Windows Authentication (IWA) based applications to be protected by CA SSO and utilize its single sign on capabilities while using the applications’ existing security model.
SSO Filter for CA Access Gateway
When CA Single Sign-On is normally integrated with customer web applications, the applications own authentication system (legacy) is disabled and it relies on CA SSO to authenticate the user and establish an identity for the application to pick up. There are situations where customers are unable to disable the application’s native authentication method. In such cases, in order to establish a user session for that application, credentials must be submitted to the application. This PWP enables that capability.
Hierarchy Sync for CA Data Protection
Hierarchy Sync for CA Data Protection is a tool for importing data from multiple data sources, applying basic logic and building a CA Data Protection hierarchies XML file. Hierarchy is critical to making the CA Data Protection product function on both a management and policy perspective. This tool was designed to give clients an ability to gather data from multiple sources (beyond the LDAP and XML supported by CA Data Protection) and join into a single data file.
CA IDENTITY MANAGER
Active Directory Authentication for CA Identity Manager
CA Identity Manager comes with an OOTB authentication module that authenticates the user against the directory configured for the environment. If the user needs to be authenticated against an external Active Directory, this PWP is designed to facilitate the authentication.
CA Project & Portfolio Manager SCIM Connector for CA Identity Manager
CA PPM SCIM Connector for CA Identity Manager provides a single point for user administration in CA PPM. It provides centralized user provisioning, automated user access management and other functions.
CA Service Catalog SCIM Connector for CA Identity Manager
CA Service Catalog SCIM Connector for CA Identity Manager provides a single point for user administration in CA Service Catalog. It provides centralize user provisioning, automated user access management and other functions.
CA Service Desk SCIM Connector for CA Identity Manager
CA Service Desk SCIM Connector for CA Identity Manager provides a single point for user administration in CA Service Desk. It provides for the administration of contact provisioning, management and enablement within Service Desk.
Integrated Windows Authentication for CA Identity Manager
CA Identity Manager comes with an OOTB authentication module that authenticates the user against the directory configured for the environment. If the user needs to be authenticated against Integrated Windows Authentication (IWA), this PWP is designed to facilitate the authentication.
Offsite Forgotten Password Reset for CA Identity Manager
When a user forgets the domain password used to login to a Windows computer, the Credential Provider of CA Identity Manager allows the user to reset the password using the Forgotten Password Reset self-service at Windows logon screen. However, this is only available if the computer has access to the self-service web application which is often protected inside a corporate network.
The Offsite Forgotten Password Reset for CA Identity Manager PWP enhances the Credential Provider of CA Identity Manager with the ability to reset forgotten passwords from outside of a corporate network by establishing a secured connection to the corporate network at the Windows logon screen.
RSA Authentication Manager Authentication for CA Identity Manager
CA Identity Manager contains an OOTB authentication module that authenticates the user against the user repository configured for the IdM environment. If the authentication source is external then an alternative is required. This PWP is designed to facilitate authentication via an RSA Authentication Manager Server, the management component of RSA SecurID.
SharePoint Claims Authentication for CA Identity Manager
CA Identity Manager contains an OOTB authentication module that authenticates the user against the user repository configured for the IdM environment. If the authentication source is external then an alternative is required. This PWP is designed to facilitate authentication to IdM after they have been authenticated via SharePoint Claims.