Enable the Connector at the Partnership Level
Before you enable the Connector, verify:
- The SiteMinder Policy Administrator has configured the policy for federated communication.
- You have configured the Connector-specific settings in Federation Manager.
Enable the Connector for the partnership where SiteMinder is deployed:
- If SiteMinder is at the asserting party, enable the Connector for an IdP-to-SP or Producer-to-Consumer partnership.
- If SiteMinder is at the relying party, enable the Connector for an SP-to-IdP or Consumer-to-Producer partnership.
Whether you are modifying an existing partnership or configuring a new partnership, the standard partnership configuration steps apply; there are no unique configuration procedures. However, specify the target resources at the relying party using the following guidelines:
- If Federation Manager is deployed in standalone mode, the target resource resides on the web server that the SiteMinder Web Agent protects.
- If Federation Manager is deployed in proxy mode, the target resource is the URL for the Federation Manager server because all proxy requests go back to SiteMinder.
Follow these steps:
- Log in to the Federation Manager UI.
- Select a partnership from the Federated Partnerships list or create a new one.
The Partnership dialog opens.
- Navigate to one of the following steps in the wizard:
  - At the relying party, navigate to the User Identification step in the Partnership wizard.
  - At the asserting party, navigate to the Federation Users step in the Partnership wizard.
- Select the Enable SiteMinder Connector check box.
The configuration fields become available.
- (Optional) Select the Enforce UserDN Comparison check box. Selecting this check box forces a comparison of the UserDN and UserDirectory Name entries between the user directory at Federation Manager and the directory at SiteMinder.
If you select this check box, the user directory for the Federation Manager and the SiteMinder deployment must be the same physical directory. The name for both of these directories must be the same for user store lookups. If you clear the check box, the Universal ID is the attribute that finds the user record. If the Universal ID is used, the directories do not have to be the same. If you rely on the Universal ID, each user must have a unique Universal ID. If the Universal IDs are not unique, the system accessing the user record can retrieve the wrong record.
- Save your changes.
You can disable the Connector at the partnership level or globally in the Deployment Settings.
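If you clear Enforce UserDN Comparison and rely on the Universal ID, you can check an LDIF export of the user directory for duplicate or missing Universal IDs before saving the partnership. The following is an added example, not part of the product or its documentation; the attribute name `uid`, the sample entries, and case-insensitive matching are assumptions.

```python
import base64
from collections import defaultdict

# Assumption: "uid" stands in for the attribute mapped to the Universal ID.
UNIVERSAL_ID_ATTR = "uid"

# Constructed sample export: one folded DN, one base64-encoded value.
SAMPLE_LDIF = """\
dn: cn=Ana Ruiz,ou=people,dc=example,dc=com
uid: aruiz

dn: cn=A. Ruiz,ou=contractors,dc=example,dc=com
uid:: QVJ1aXo=

dn: cn=Bo Chen,ou=people,dc=ex
 ample,dc=com
uid: bchen

dn: cn=Svc Account,ou=services,dc=example,dc=com
cn: Svc Account
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles line folding and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = rest.lstrip(":").strip()
            if rest.startswith(":"):  # "attr:: value" is base64
                value = base64.b64decode(value).decode("utf-8")
            attrs[name.lower()].append(value)
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def audit_universal_ids(ldif_text, attr=UNIVERSAL_ID_ATTR):
    """Return (duplicates, missing): shared IDs -> DNs, and DNs with no ID."""
    seen, missing = defaultdict(list), []
    for dn, attrs in parse_ldif(ldif_text):
        values = attrs.get(attr.lower(), [])
        if not values:
            missing.append(dn)
        for value in values:
            # Assumption: lookups ignore case, so compare casefolded values.
            seen[value.casefold()].append(dn)
    return {k: v for k, v in seen.items() if len(v) > 1}, missing
```

Any key in the first returned dictionary is a Universal ID shared by more than one entry, which is the condition under which the wrong user record can be retrieved.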
Copyright © 2012 CA. All rights reserved.