SiteMinder Password Management

Document ID : KB000096310
Last Modified Date : 16/05/2018
Question:
I'd like to know:

- How are user passwords stored in Active Directory?
- How are admin passwords stored in my Active Directory?
Answer:
CA Single Sign-On does not store the passwords itself; Active
Directory does. When you use Password Services and ask users to
change their password, CA Single Sign-On performs an LDAP bind with
the user's credentials and asks Active Directory to modify the
password, using the attributes you mapped when defining the User
Directory. Active Directory then decides how to store the password.
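
As an added illustration (not CA's code and not part of the original article), the following example builds the LDAP modify that a directory client sends for a user-initiated password change, assuming the password attribute mapped in the User Directory is Active Directory's `unicodePwd`. The DN and passwords are constructed sample values, and the function names are hypothetical.

```python
import base64


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def decode_unicode_pwd(value: bytes) -> str:
    """Reverse of encode_unicode_pwd: the wire value is an encoding, not a hash."""
    text = value.decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("unicodePwd value is not a quoted UTF-16LE string")
    return text[1:-1]


def build_change_ldif(user_dn: str, old_password: str, new_password: str) -> str:
    """User-initiated change: delete the old value and add the new one in ONE modify.

    AD only accepts writes to unicodePwd on an encrypted connection (e.g. LDAPS).
    Assumes an ASCII-safe DN, so the dn line needs no base64 encoding.
    """
    old_b64 = base64.b64encode(encode_unicode_pwd(old_password)).decode("ascii")
    new_b64 = base64.b64encode(encode_unicode_pwd(new_password)).decode("ascii")
    return "\n".join([
        f"dn: {user_dn}",
        "changetype: modify",
        "delete: unicodePwd",
        f"unicodePwd:: {old_b64}",
        "-",
        "add: unicodePwd",
        f"unicodePwd:: {new_b64}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(build_change_ldif("CN=Jane Doe,OU=Staff,DC=example,DC=com",
                            "Old-Sample-1", "New-Sample-2"))
```

The directory receives the new password in recoverable form over the protected channel; how it is hashed and stored afterwards is decided by Active Directory, not by the client.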

For more information you can check the following: 

How to Configure Password Policies
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/password-services-and-policies/how-to-configure-password-policies 

SSO - Basic Password service integration with Active Directory
https://communities.ca.com/thread/241790640-sso-basic-password-service-integration-with-active-directory 

Tech Tip - CA Single Sign-On:Policy Server: Read Password Blob Utility
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/02/29/tech-tip-ca-single-sign-onpolicy-server-read-password-blob-utility 

And about encryption:

Manage Encryption Keys
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/administrating/manage-encryption-keys 

Using FIPS-Compliant Algorithms
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/upgrading/using-fips-compliant-algorithms 

FIPS 140-2 Algorithms
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/administrating/manage-encryption-keys/fips-140-2-algorithms