CA SiteMinder/Talend Administration Center SSO configuration
Overview
This article explains how to configure CA SiteMinder to implement Single Sign-On with Talend Administration Center.
CA SiteMinder Partnership Federation is used to construct a SAML 2.0 identity provider (IdP), in order to generate assertions for users.
These assertions are sent back to Talend Administration Center, where user settings and roles are assigned based on the SiteMinder configuration.
- The SSO process is initiated through a hard-coded link (e.g. http://host*/affwebservices/public/saml2sso?SPID=<SPEntityName>).
- This link redirects to the authentication page.
- If no user sessions exist, the user is redirected to the login page.
- When the user inputs valid credentials, there is a redirection to the assertion service (e.g. http://host1/affwebservices/public/saml2sso) and the assertions are generated.
- Assertions are formatted as a SAML 2.0 response in an auto-post form.
- Talend Administration Center receives the SAML response when the form is submitted.
- Talend Administration Center retrieves attributes from the SAML 2.0 response, updates user attributes, and processes role mapping.
- The user can then log in to Talend Administration Center.
Create User Directory Within CA SiteMinder
SiteMinder IdP does not support multi-valued attributes. User Role values should be separated by a comma (",").
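The comma-separated role attribute described above can be checked on a captured assertion before relying on role mapping. The following is an added example, not Talend or CA code: the attribute name tacRole, the allow-list and the sample assertion are assumptions constructed for illustration, and the sample is unsigned, so signature verification is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumptions: the attribute name is hypothetical; use the name set in your
# Assertion Configuration step. The role names are the examples from this page.
ROLE_ATTRIBUTE = "tacRole"
KNOWN_ROLES = {"tac_admin", "dp_dm"}

# Constructed sample assertion (unsigned; for checking role splitting only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="tacRole">
      <saml:AttributeValue>tac_admin, dp_dm,,superuser</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_roles(assertion_xml, attribute=ROLE_ATTRIBUTE):
    """Return (accepted, rejected) roles from one comma-separated attribute."""
    root = ET.fromstring(assertion_xml)
    values = [
        (v.text or "")
        for a in root.iterfind(".//saml:Attribute", NS)
        if a.get("Name") == attribute
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    accepted, rejected = [], []
    for raw in values:
        for token in raw.split(","):
            role = token.strip()          # tolerate "a, b" as well as "a,b"
            if not role:
                continue                  # empty entry from ",," or a trailing comma
            target = accepted if role in KNOWN_ROLES else rejected
            if role not in target:        # de-duplicate, keep first-seen order
                target.append(role)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = extract_roles(SAMPLE_ASSERTION)
    print("accepted:", ok)
    print("rejected (not in allow-list):", bad)
```

A non-empty rejected list means the directory attribute carries a role name that the allow-list does not know, which is worth resolving before the partnership is activated.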
Procedure
- Navigate to .
- In the Search results area, click Create User Directory.
- Set the User Directory configuration.
- Click Submit.
Results
Protect the Authentication URL
Procedure
Create Signing Certificate
Procedure
Create Local IdP Entity
Procedure
Create Remote SP Entity
Procedure
Results
Create the Identity Provider / Service Provider Partnership
This procedure involves several steps in SiteMinder. For ease of use, each step is referred to as the Step - Name of the Step.
Procedure
Step - Configure partnership
Procedure
Step - Federation Users
Procedure
- Ensure User Class is set to All Users In Directory.
- Click Next.
Step - Assertion Configuration
Procedure
Results
Step - SSO and SLO
Procedure
Results
Step - Signature and Encryption
Procedure
Step - Confirm
Procedure
Activate the Identity Provider / Service Provider partnership
Procedure
Test SSO login to Talend Administration Center
Procedure
- Create a user on your LDAP server.
- Define the roles to be referenced in Talend Administration Center (e.g. tac_admin for administrators in Talend Administration Center, dp_dm for dataset managers in Talend Data Preparation) and the project type (either DI, DQ, MDM or NPA - No Project Access).
- Select the user.
- Double click the userPassword attribute.
- In the Verify Password field within the Password Editor window, input the user password.
- Click Bind: a popup window confirms the authentication is successful.
- Within your browser, open http://host1/affwebservices/public/saml2sso?SPID=<SPEntityName>.
- When prompted for credentials, input user uid/userPassword.
- Click Sign In. You are successfully logged into Talend Administration Center.
- Check that the user attributes and roles are set as expected.
Results
From this point, you are able to log in to Talend Administration Center using the SSO settings configured with SiteMinder.
For instructions on configuring SSO on Talend Administration Center, refer to the Accessing the Administration Center/Using SSO to log in to Talend Administration Center section of the Talend Administration Center User Guide.