CAPC :: Single Sign-On Web Agent needed on the CAPC Server ?

Document ID : KB000097328
Last Modified Date : 22/05/2018
Show Technical Document Details
Question:
We'd like to know which webagent needs to be installed on the CAPC
Server.
Answer:
At first glance, we see that the CA Performance Manager already has 
the functionality of behaving as SP. 

>> 

In a SAML environment, you can select from multiple authentication 
methods. CA Performance Center users can log in using the typical 
('Product') authentication method in Single Sign-On, or they can use a 
SAML token. The Product method is enabled by default for all active 
user accounts. Users access the CA Performance Center user interface 
using the standard URL for CA Single Sign-On. 

To let users authenticate using SAML 2.0, the administrator must 
change some Single Sign-On settings using the Configuration Tool. The 
administrator must also enable External Authentication for all user 
accounts, and for all registered data sources that support SAML 2.0. 

Not all CA data source products support SAML 2.0. If you configure 
SAML 2.0 for external authentication in Single Sign-On and register a 
data source that lacks SAML support, CA Performance Center users must 
reauthenticate when they drill down into that data source. 

SAML 2.0 Support in Single Sign-On 
https://docops.ca.com/ca-performance-management/3-5/en/administrating/single-sign-on/set-up-saml-2-0-support/saml-2-0-support-in-single-sign-on 

So further, you need an IDP as described in the documentation. One of 
them can be SiteMinder (CA Single Sign-On) : 

Single Sign-On uses a standards-based SAML 2.0 library. As a result, 
it potentially supports many more products that rely on the SAML 2.0 
standards. However, the following CA products are the only Identity 
Providers that we have tested with CA Single Sign-On: 

CA SiteMinder Federation Manager 
CA Arcot A-OK On-Demand 

More, on the CA Performance Manager "Single Sign-On login page" you 
can select which kind of authentication you want. 

The Single Sign-On login page supports user authentication in CA 
Performance Center and in the data source products. Single Sign-On 
supports the following authentication methods: 

- Product authentication, which is based on user accounts 
- LDAP 
- Security Assertion Markup Language (SAML) 2.0 

https://docops.ca.com/ca-performance-management/3-5/en/administrating/single-sign-on 

And documentation gives steps to configure it : 

How to Set Up SAML Authentication 
https://docops.ca.com/ca-performance-management/3-5/en/administrating/single-sign-on/set-up-saml-2-0-support/how-to-set-up-saml-authentication