Federation Manager GuideFederation Manager IntroductionFederation in Your Enterprise › Federation Manager Partnership Model

Previous Topic: SAML Profile Decision for Single Sign-on

Next Topic: Federation Manager Installation

Federation Manager Partnership Model

The Federation Manager partnership model can establish a federation between Financepro and BankLtd to ease the experience of moving between the sites of each company and to verify that they appear as one company.

The Federation Manager UI focuses on partnership creation and identifying each side of the partnership to accomplish single sign-on.

These steps include:

  1. Configuring a Partnership—Names the partnership and identifies the two entities that make up the partnership.
  2. Establishing the Federation Users/User Identification—Specifies the users for which the asserting party generates assertions and the relying party authenticates.
  3. NameID and Attributes—Determines how a federated identity is established and lets you add attributes to identify and customize the content of the assertion.

    Using NameID and attributes, you can verify that the appropriate information is available to the application at the relying party. This is where account linking and identity mapping would be configured.

  4. SSO—Defines Single Sign-on (Artifact or POST binding), including the location of the service consuming assertions at the relying party. For SAML 2.0, additional features, such as single logout (SLO), Enhanced Client or Proxy (ECP) profile, and Identity Provider Discovery profile can be configured.
  5. Signature and Encryption—Defines the signature and encryption options for secure exchange of assertions, authentication requests, and for SAML 2.0 single logout requests and responses.
  6. Application Integration—Enables you to configure redirection to the target application, lets you set up provisioning of user records, and define relying-party side attribute mapping. You can also set up redirects for failed user authentication.