What is OAuth functionality in CA SSO R12.7

Document ID : KB000074964
Last Modified Date : 28/03/2018
Introduction:
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords. Social network companies typically use this mechanism to let users share information about their accounts with third-party applications or websites.

 
Question:
What features are available in CA SSO R12.7 for OAuth?
Environment:
R12.7 CA SSO
OAuth Provider
Answer:
1*) First of all, in summary, these are the OAuth-specific features supported in R12.51x, R12.52x, R12.6x and R12.7x:
     
  • Attribute persistence allows CA Single Sign-On to maintain user attributes from SAML assertions or OAuth tokens in the session store, so that they can be used for authorization decisions throughout the user’s session. 
 
  • Just-in-time provisioning interface for OAuth identities enables organizations to more quickly support new users needing access to RP-side applications.
 
So, we do support OAuth in many different product functions, in R12.51, R12.52, R12.6 and R12.7.
 
2*) A related question that might also come up is: “What are the OAuth-related business requirements, and can we meet those with the functionality provided in R12.7 CA SSO (or combined with any other CA products)?” CA can help customize beyond what is provided by the released product.
 
3*) Here are some OAuth links from the CA SSO R12.7 product documentation.
 
https://docops.ca.com/ca-single-sign-on/12-7/en/using/administrative-ui/federation-partnerships-reference/single-sign-on-dialog-oauth
 
https://docops.ca.com/ca-single-sign-on/12-7/en/using/administrative-ui/federation-partnerships-reference/user-identification-dialog-oauth
 
https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/partnership-federation/configure-social-sign-on
 
https://docops.ca.com/ca-single-sign-on/12-7/en/using/administrative-ui/federation-partnerships-reference/configure-partnership-dialog-oauth
 
4*) In addition, CA’s APIM product (API Management, formerly known as Layer 7) supports Mobile Single Sign-On and OAuth. APIM offers a complete end-to-end, standards-based and proven security solution for mobile SSO. This solution uses the OAuth 2.0, OpenID Connect, JWT and PKI standards. Communication is secured through APIM’s Mobile Access Gateway using a mutual Secure Sockets Layer (SSL) configuration.
 
Here is some information on the CA API OAuth Toolkit.
https://docops.ca.com/ca-api-management-oauth-toolkit/3-6/en/ca-api-gateway-oauth-toolkit
Additional Information:
Please refer to R12.7 CA SSO and CA APIM product documentation for additional details.