Skip to content
CA API Gateway - 9.3
Documentation powered by DocOps

Enable CA SSO User Assertion

Last update August 3, 2018

The Enable CA Single Sign-On User  assertion lets you enable a user account in CA SSO user directory.

Using the Assertion

  1. Do one of the following:
    • To add the assertion to the Policy Development window, access Assertions tab, Policy AssertionsAccess Control Assertions and drag and drop the Enable CA Single Sign-On User assertion into the policy development window.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the Enable CA Single Sign-On User Properties automatically appear; when modifying the assertion, right-click Enable CA Single Sign-On User in the policy window and select Enable CA Single Sign-On User Properties or double-click the assertion in the policy development window. 
    The assertion properties are displayed.
  3. Configure the properties as follows:

    Setting Description
    Configuration Name Specifies the CA Single Sign-On Configuration to use. This configuration is defined using the Manage CA Single Sign-On Configurations task.
    Domain Object ID

    Specifies the object ID of the domain. This value can be set to ${<prefix>.smcontext.realmdef.domoid}, which is set by the Check Protected Resource Against CA Single Sign-On Assertion.

    Username Specifies the username.
  4. Click OK.

Context Variable

If the assertion fails to enable the user's account, it sets the following context variable:

Context Variable

Type Description
reasonCode integer Specifies the enable user failure reason code that is returned from CA SSO.

The reasonCode context variable is set only if SmDmsUser#setEnable() method in DMS API fails. If the assertion fails for any other reason (that is, it cannot connect to CA Policy Server, it cannot find user in user directory, and so on), the reasonCode context variable is not set.

Was this helpful?

Please log in to post comments.