CA SOA Security Manager Authorization


CA SOA Security Manager can authenticate end-users and authorize them to access protected Web resources. The API Gateway can interact directly with CA SOA Security Manager by asking it to make authorization decisions on behalf of end-users that have successfully authenticated to the API Gateway. CA SOA Security Manager decides whether to authorize the user, and relays the decision back to the API Gateway where the decision is enforced. The API Gateway, therefore, acts as a Policy Enforcement Point (PEP) in this situation, enforcing the authorization decisions made by the CA SOA Security Manager, which acts a Policy Decision Point (PDP).

[Important] Important

A CA SOA Security Manager authentication filter must be invoked before a CA SOA Security Manager authorization filter in a given policy. In other words, the end-user must authenticate to CA SOA Security Manager before they can be authorized for a protected resource.


CA SOA Security Manager integration requires CA TransactionMinder SDK version 6.0 or later.

API Gateway

When adding third-party binaries to the API Gateway, you must perform the following steps:

  1. Add the binary files as follows:

    • Add .jar files to the InstallDir/ext/lib directory.

    • Add .dll files to the InstallDir\Win32\lib directory.

    • Add .so files to the InstallDir/platform/lib directory.

  2. Restart the API Gateway.

Policy Studio

When adding third-party binaries to the Policy Studio, you must perform the following steps:

  1. Add .jar files to the InstallDir/plugins/thirdparty.runtime.dependencies_6.0.3 directory.

  2. Restart the Policy Studio.


Configure the following fields on the CA SOA Security Manager Authorization filter:


Enter an appropriate name for the filter.


If the end-user is successfully authorized, the attributes listed here are looked up in CA SOA Security Manager, and returned to the API Gateway. These attributes are stored in the attributes.lookup.list message attribute. They can be retrieved at a later stage to generate a SAML attribute assertion.

Select the Set attributes for SAML Attribute token checkbox, and click the Add button to specify an attribute to fetch from CA SOA Security Manager.