Rule ID
SV-237397r981646_rule
Version
V1R3
CCIs
CCI-002014
Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM authentication protocols, such as SAML 2.0 and OpenID 2.0. Use of FICAM-issued profiles addresses open identity management standards. This requirement only applies to components where this is specific to the function of the device or has the concept of a non-organizational user, (e.g., ALG capability that is the front end for an application in a DMZ). CA API Gateway must be capable of producing and validating FICAM-compliant SAML.
Open the CA API GW - Policy Manager and double-click all Registered Services required to conform to FICAM-issued profiles. Verify the "Evaluate SAML Protocol Response" Assertion is included in the policy and set to evaluate only SAML 2.0 responses. Validate all additional parameters within the Assertion are set in accordance with organizational requirements for FICAM-issued profiles. If the "Evaluate SAML Protocol Response" Assertion is not included in the policy and set to evaluate only SAML 2.0 responses, this is a finding.
Open the CA API GW - Policy Manager and double-click all Registered Services required to conform to FICAM issued profiles. Add the "Evaluate SAML Protocol Response" Assertion to the policy and set the SAML Version to 2.0. Set all other configuration parameters within the Assertion to meet organizational requirements for FICAM-issued profiles.