Previous Topic: Customize the OpenID Forms Credential CollectorNext Topic: Use the Authentication Scheme in a Policy

Single Sign-On ServiceSSO Getting Started GuideSSO using a Third-party IdP and Self-registrationConfigure and Apply an OpenID Authentication SchemeConfigure an OpenID Authentication Scheme

Configure an OpenID Authentication Scheme

Configure an OpenID authentication scheme when using an external IdP to authenticate users for SSO application requests.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.
  3. Click Create Authentication Scheme.

    Verify that the Create a new object of type Authentication Scheme is selected.

  4. Click OK

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Enter a name for the scheme that indicates its purpose.
  6. Specify a protection level.
  7. Select OpenID Template from the Authentication Scheme Type list.

    Scheme-specific fields and controls appear.

  8. Complete the fields:
    Use Relative Target

    Select the check box. Disregard the values for Web Server Name/Port.

    Target

    /siteminderagent/forms/openid.fcc

    This is the default string.

  9. (Optional) Select Persist Authentication Session Variables to store user data in the session store.

    If you are not using the session store, set the following fields:

    Pre Processing Chain

    com.ca.sm.openid.command.StoreClaimsToContext

  10. Disregard the remaining fields and click Submit.

    The authentication scheme is saved and can be assigned to a realm.