Delegated Authentication Setup

The Federation Manager Windows Agent works with Federation Manager to provide user authentication in an IWA context. Because the Federation Manager Windows Agent is acting as a third-party authentication service, you must configure Federation Manager to use delegated authentication.

In addition, the cookie settings on the Federation Manager Infrastructure, Deployment settings dialog must be communicated out of band to the Federation Manager Windows Agent.

To configure Federation Manager for delegated authentication

  1. Log in to the Federation Manager UI.
  2. Select the SAML 1.1 or SAML 2.0 partnership you want to edit. Be sure that you are editing a Producer -> Consumer or IDP -> SP partnership.
  3. Navigate to one of the following steps in the partnership wizard:
  4. Set the Authentication Mode to Delegated.
  5. Set the Delegated Authentication Type to Open Format Cookie.

    Note: The Federation Manager Windows Agent requires delegated authentication based on the open format cookie. This option is not available if you have configured Federation Manager to use the SiteMinder connector.

  6. Enter the delegated authentication URL.

    Example: http://hostname:portnum/iwa/IWARedirect

Federation Manager is configured for delegated authentication.

Note: For more information about delegated authentication, see the Federation Manager Guide.