CA Single Sign-On Integration Guide Overview

Warning: Single Sign‑On for Pivotal Cloud Foundry v1.6 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

CA Single Sign-On (formally known as CA SiteMinder) is a Web Access Management system that supports advanced authentication, risk-based security policies, and federated identities. This documentation describes how to configure a single sign-on partnership between CA Single Sign-On as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Pivotal Cloud Foundry as the Service Provider (SP).

SSO supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All SSO communication takes place over SSL.


To integrate CA Single Sign-On with Pivotal Cloud Foundry (PCF), you need the following:


  • PCF, v1.7.0 or later.
  • Single Sign-On, v1.1.0 or later.

CA Single Sign-On

  • CA Single Sign-On, v12.52 or later.
  • A Signed Certificate by a Certificate Authority.

Note: To configure SAML, you must have the Pivotal Single Sign-On service broker installed on your PCF deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

CA Single Sign-On Integration Guide

Configuring CA Single Sign-On with SSO

Complete both steps below to integrate your deployment with CA Single Sign-On and SSO.

  1. Configure CA Single Sign-On as an Identity Provider
  2. Configure a Single Sign-On Service Provider

Testing and Troubleshooting