Step by Step – CA SSO (formerly CA Siteminder) – SSO with PhenixID Authentication Services – Federation


This document will guide you through the steps to provide Single-Sign-On to CA SSO (formerly CA SiteMinder) using SAML with PhenixID Authentication Services as SAML IdP.


System Requirements

  • PhenixID Authentication Services 2.0 or higher
  • CA SSO setup as a SAML Service Provider. (


1. Set up PhenixID Authentication Services as SAML IdP

  1. Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
  2. Download the Identity Provider metadata.
  3. Open the federation scenario and click Execution flow.
  4. Click on Execution flow
  5. Click on AssertionProvider
  6. Click JSON.
  7. Add this to the configuration:
    "misc": {
     "excludeSubjectNotBefore": "true"
  8. Configuration example when done:
  9. Click Save

2. Configure CA SSO

  1. Import the Identity Provider metadata downloaded in step 1.1. Please visit for instructions on how to setup trust with the Identity Provider.
  2. Download CA SSO SAML SP Metadata file. Please visit for instructions on how to extract SAML Service Provider information.


3. Add CA SSO SAML SP Metadata to PhenixID Authentication Services

  1. Upload the metadata file from 2.2 using this Federation Scenario.



  1. Open a web browser
  2. Browse to the resource that is protected by CA SSO
  3. You should be redirected to the IdP (PhenixID Authentication Services)
  4. Authenticate
  5. You should be redirected back to CA SSO
  6. You can now access the resource.


Use the SAML Tracer addon for Firefox to debug and trace the SAML messages.

Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID -