Federation Manager Guide › Federation Partnerships › Application Integration › Redirecting a User to the Target Application

Redirecting a User to the Target Application

The Target Application group box in the Application Integration step lets you define how a user gets redirected from Federation Manager to the target application. There are several methods from which to choose. The redirection method you select depends on the type of data you want to pass along with the user to the target application.

To configure the redirection method

1. Navigate to the Application Integration step in the Partnership wizard.
2. Select a redirection method for the Redirect Mode field.
   • If you select Cookie Data, you can URL-encode attribute data in the cookie by selecting the URL Encode Attribute Cookie Data check box.
   • If you select open format cookie as the mode, there are additional settings you must configure, such as the name of the cookie, the algorithm that encrypts the cookie along with the encryption password. Optionally, you can enable an HMAC function to verify the integrity of the cookie.

     If the relying party receives an assertion with multiple attribute values, Federation Manager passes all values to the target application in the cookie.

   • If you select one of the FIPS-compatible algorithms (AES algorithms), you are required to use a Federation Manager SDK to consume the open format cookie. If you use the .NET SDK, you are required to use the AES128/CBC/PKCS5Padding encryption algorithm.
   • If you configured Federation Manager in proxy mode and you select HTTP Headers as the redirect mode, Federation Manager can deliver multiple attribute values in a single header by separating each value with a comma.

   Note: Click Help for a description of fields, controls, and their respective requirements.

3. Enter the URL of the target application in the Target field.

   If Federation Manager is operating in proxy mode, enter the URL for the proxy host because the proxy handles all federation requests locally. The proxy host can be any system that sits in front of Federation Manager. The proxy host can also be Federation Manager itself, provided Federation Manager is being accessed directly from the Internet. Ultimately, when operating in proxy mode, the URL you specify as the target must go through Federation Manager. For example, if the base URL for Federation Manager is fedmgr.demo.com:5555 and the backend server resource is mytarget/target.jsp, the value for the Target field is http://fedmgr.demo.com:5555/mytarget/target.jsp.

   Note: You specify the backend server that sits behind the proxy host when you run the Federation Manager Configuration wizard. You can modify the backend server entry by rerunning the Configuration wizard.

   For SAML 2.0, you can leave this field blank if you override it with the value of the Relay State query parameter, which can be included in a URL to trigger single sign-on. To enable this override, select the Relay state overrides target check box.

Setting up redirection to the target is complete.