Our primary purpose for using it is to manage and control access to our web applications. We've extended the use somewhat to protect other environments in our shop where we need to authenticate users.
For example, we have a GemFire caching product, and we want to limit what data users can access within the GemFire environment. So we leverage SiteMinder and its policies within GemFire to authenticate the user and to authorize them based on what type of data they are accessing.
We also use it to federate identity with external clients and vendors. We use the federation component to federate identities between ourselves and outside third-parties.
Improvements to My Organization
We're moving to an API-based application development model with SiteMinder in that environment. It's important for us to be able to handle authentication and authorization issues when client-side mobile apps are calling to our services. We needed to handle the responses from those authentication problems better than the traditional SiteMinder SSO system did. 12.52 provides a really nice web-app customer response feature that allows us to customize responses back to the mobile app or the browser assignments.
Room for Improvement
We're really interested in the containerized version of CA SSO where the product will be delivered as a container image rather than the traditional binary.
We'd also like to see a more streamlined implementation update process.
Also, I think they need to improve their support a little bit better especially with experienced customers who are very knowledgeable in product. It's difficult when working on level higher than support.
Use of Solution
We brought it in a little over 10 years ago. We're currently in production on 12.0, but we're right in the middle of our migration to 12.52.
We have a very carefully planned roll-out of these products. We won't go into production as long as we're having stability issues. I would say for 12.0, our experience was fairly elongated to get to the resolution of some issues, probably a couple of months. With 12.52, we've had a couple of issues, but we already have patches and work arounds for them, and so we think that things have improved.
In the past, whenever we migrated to a new version, there's been a little bit of stability issues at the beginning and I would say with 12.0 in particular we had some stability issues. But we believe 12.52 is a lot more stable, but that's yet to be seen.
Customer Service and Technical Support
It's a hit and miss thing, like all support organizations. For the most part, for simple problems they can get to a resolution fairly quickly. If the problem is a little more complicated, they really struggle with getting us a solution. We usually have to escalate the problem to our contact engineer. But then it depends on how important the problem is. If it's like a real critical problem affecting our production environment, we'll push a little harder. We'll call up our CA representative and try to escalate the problem.
I wasn't involved in this initial decision to bring it in, but I was brought onto the team fairly soon thereafter.
Other Solutions Considered
I think Oracle and IBM have similar products. For due diligence purposes, We occasionally take a look at other vendors and compare features, but so far we're happy with CA.
I would totally recommend this product, but I think CA has a really good handle on what the drivers are and where the business is going in terms of application development. They seem to be a good fit.