Sample Configuration

The following sample configuration is from the perspective of a SAML 2.0 IdP > SP partnership. The delegated authentication settings are on the SSO and SLO tab of the Partnership wizard.

This sample configuration reflects a SAML 2.0 configuration. The Identity Provider is http://idp1.xyz.com and the third-party WAM system is http://wamservice.xyz.com.

To configure cookie delegated authentication

  1. Log in to the Federation Manager UI.
  2. Create a partnership or edit an existing one.

    Note: To edit a partnership, deactivate it first.

  3. Navigate to the SSO and SLO step in the Partnership wizard.
  4. In the Authentication group box, set the fields as follows:

     Authentication Mode
       Delegated

     Delegated Authentication Type
       Select the cookie option that suits your environment.

       Legacy cookie: For Java-only applications.

       Open format cookie: For use with a web access management application. You can use a Federation Manager SDK to create a Java or .NET application, or you can use an application written in another language, provided you build the open format cookie manually.

       If you require FIPS 140-2 encryption, you must create the open format cookie using the Federation Manager Java or .NET SDK.

     Delegated Authentication URL
       http://wamservice.xyz.com

       This is the URL of the third-party WAM system that authenticates users and uses a Federation Manager SDK to create the cookie.

     Authentication Class
       Enter the authentication method used at the third party. For example:

       urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

  5. Continue with partnership configuration.
  6. Communicate all the Cookie Settings from the Infrastructure, Deployment Settings dialog to the third-party WAM system.

    The WAM system needs these values to create the cookie.

To configure query string delegated authentication

  1. Log in to the Federation Manager UI.
  2. Create a partnership or edit an existing one.

    Note: To edit a partnership, deactivate it first.

  3. Navigate to the SSO and SLO step in the Partnership wizard.
  4. In the Authentication group box, set the fields as follows:

     Authentication Mode
       Delegated

     Delegated Authentication Type
       Query String

     Delegated Authentication URL
       http://wamservice.xyz.com

       This is the URL of the third-party WAM system that authenticates users and constructs the redirect URL back to Federation Manager with the query parameters.

     Hash Secret
       FederatedAuth1

       The third-party WAM system uses this secret to hash the login ID.

     Confirm Hash Secret
       FederatedAuth1

     Authentication Class
       Enter the authentication method used at the third party. For example:

       urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

  5. Continue with partnership configuration.
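The following is an added example, not code from this documentation or from Federation Manager, showing the two halves of the query string exchange that step 4 describes: the WAM system hashes the login ID with the shared Hash Secret and redirects back with both values as query parameters, and the receiving side recomputes the hash before trusting the login ID. The page does not state the hash algorithm or the parameter names, so HMAC-SHA256 and the parameter names "loginid" and "hash" are illustrative stand-ins, and the return path on http://idp1.xyz.com is a constructed placeholder. The Hash Secret value is the one from the sample configuration above.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

# Values taken from the sample configuration on this page.
HASH_SECRET = b"FederatedAuth1"
WAM_URL = "http://wamservice.xyz.com"

# Constructed placeholder: the page does not give the return endpoint at the
# Identity Provider, so this path is hypothetical.
FM_RETURN_URL = "http://idp1.xyz.com/delegated-auth-return"

# Assumption: the page names neither the hash algorithm nor the query parameter
# names. HMAC-SHA256 and the parameter names below are illustrative stand-ins,
# not Federation Manager's own wire format.
LOGIN_PARAM = "loginid"
HASH_PARAM = "hash"


def hash_login_id(login_id: str, secret: bytes) -> str:
    """WAM side: keyed hash of the login ID using the shared Hash Secret."""
    return hmac.new(secret, login_id.encode("utf-8"), hashlib.sha256).hexdigest()


def build_redirect_url(login_id: str, secret: bytes,
                       return_url: str = FM_RETURN_URL) -> str:
    """WAM side: after authenticating the user, build the redirect back to
    Federation Manager carrying the login ID and its hash."""
    query = urlencode({LOGIN_PARAM: login_id,
                       HASH_PARAM: hash_login_id(login_id, secret)})
    return f"{return_url}?{query}"


def verify_redirect(url: str, secret: bytes) -> Optional[str]:
    """Federation Manager side: accept the login ID only if the hash
    recomputed with the shared secret matches the presented one.
    Returns the login ID on success, None otherwise."""
    params = parse_qs(urlparse(url).query)
    login_id = params.get(LOGIN_PARAM, [None])[0]
    presented = params.get(HASH_PARAM, [None])[0]
    if login_id is None or presented is None:
        return None
    expected = hash_login_id(login_id, secret)
    # Constant-time comparison so the check does not leak the expected value.
    if not hmac.compare_digest(expected, presented):
        return None
    return login_id


if __name__ == "__main__":
    url = build_redirect_url("jdoe", HASH_SECRET)
    print(url)
    print(verify_redirect(url, HASH_SECRET))          # jdoe
    # A login ID changed in transit no longer matches its hash.
    tampered = url.replace("loginid=jdoe", "loginid=mallory")
    print(verify_redirect(tampered, HASH_SECRET))     # None
```

Because the query string is the only thing binding the authenticated user to the request, the secret on both sides must match exactly (hence the Confirm Hash Secret field), and the verifying side should reject any redirect whose hash does not recompute rather than fall back to the bare login ID.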