Layer7 SiteMinder (formally known as CA Single Sign-On) is a Web Access Management system that supports advanced authentication, risk-based security policies, and federated identities. This documentation describes how to configure a single sign-on partnership between Layer7 SiteMinder as the identity provider and the Single Sign‑On for VMware Tanzu Application Service as the service provider.

Single Sign‑On supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All Single Sign‑On communication takes place over SSL.


To integrate Layer7 SiteMinder with Single Sign‑On you must have the following:

  • Layer7 SiteMinder v12.52 or later
  • A certificate signed by a certificate authority

Note: To configure SAML, you must have the Single Sign-On service broker installed on your Ops Manager deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

Layer7 SiteMinder Integration Guide

Configuring Layer7 SiteMinder with Single Sign‑On

Complete both steps below to integrate your deployment with Layer7 SiteMinder and Single Sign‑On .

  1. Configure Layer7 SiteMinder as an Identity Provider
  2. Configure a Single Sign‑On Service Provider

Testing and Troubleshooting

check-circle-line exclamation-circle-line close-line
Scroll to top icon