Authorize via CA Single Sign-On Assertion

The Authorize via CA Single Sign-On assertion is used to authorize a user against the CA Single Sign-On Policy Server. This assertion also sets a CA Single Sign-On cookie and adds it to the response.
gateway90
The
Authorize via CA Single Sign-On
assertion is used to authorize a user against the CA Single Sign-On Policy Server. This assertion also sets a CA Single Sign-On cookie and adds it to the response.
For a description of the context variables that this assertion can set or use, see CA Single Sign-On Context Variables.
To learn about selecting the target message for this assertion, see Select a Target Message.
Setting CA Single Sign-On Cookies
Prior to version 8.2.0, CA Single Sign-On cookies were set in the Authorize via CA Single Sign-On assertion. This functionality has now been moved to the Manage Cookie Assertion. As a result:
  • Instances of the Authorize via CA Single Sign-On assertion in use prior to v8.2.0 will continue to display the CA Single Sign-On cookie controls until the "Set CA Single Sign-On Cookie" check box is deselected. At this point, the cookie controls are removed and the properties will resemble the Authorize via CA Single Sign-On dialog below. To set a CA Single Sign-On cookie in the future, use the Manage Cookie Assertion.
  • New instances of the Authorize via CA Single Sign-On assertion added to a policy in version 8.2.0 or later will only display the properties shown below. If a CA Single Sign-On cookie is required, use the Manage Cookie Assertion to set it.
The following policy sample shows how you might replace the Setting CA Single Sign-On Cookies functionality. Note that the name of the cookie is SMSESSION by default and the value is
"${siteminder.smcontext.ssotoken}
". Note the double quotes in this context variable; these quotes are required in this instance. 
siteminder-auth-via-ca-single-sign-on-assertion-updated.png
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Adding an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the
    Authorize via CA Single Sign-On Properties
    automatically appears; when modifying the assertion, right-click
    Authorize via CA Single Sign-On: [
    <prefix>
    ]
    in the policy window and choose
    Authorize via CA Single Sign-On Properties
    or double-click the assertion in the policy window. The properties dialog appears.
  3. Configure the properties as follows:
    Setting
    Description
    CA Single Sign-On Variable Prefix
    Enter a prefix that will be added to the
    smcontext
    context variables created and used by this assertion. This prefix will ensure uniqueness and will prevent the variables from overwriting each other when multiple instances of this assertion appear in a policy. This field is required.
    For a list of the variables set by this assertion, see Context Variables for CA Single Sign-On.
    <location of SSO Token>
    Specify where to obtain the SSO Token:
    • Use SSO Token from CA Single Sign-On context:
      Select this option to attempt to gather the SSO token from the CA Single Sign-On context object. For more information about the CA Single Sign-On context object, see Context Variables for CA Single Sign-On.
    • Use SSO Token from Context Variable:
      Select this option to obtain the SSO token from the context variable specified in the adjacent box.
  4. Click [
    OK
    ] when done.