Federation Manager Guide › Federation Entity Configuration › How to Create an Entity without Using Metadata › Detailed Remote Entity Configuration

Detailed Remote Entity Configuration

After specifying the entity type, configure the details of the entity. For a remote entity type, define the following:

• Identification information about the entity
• Signature and encryption options
• NameID and attribute information

Be aware of the following

• Entity ID and Entity Name Settings

  If the Entity ID represents a remote partner, the value must be unique. If the Entity ID represents a local partner, it can be reused on the same system.

  The Entity Name identifies an entity object for in the Federation Manager database. The Entity Name must be a unique value because Federation Manager uses the Entity Name internally to distinguish an entity at a particular site. This value is not used externally and the remote partner is not aware of this value.

  Note: The Entity Name can be the same value as the Entity ID, but the value must then not be shared with any other entity at the site.

• Signing and Encryption Features

  For signing and encryption features, you must have the appropriate key/certificate entries in the database. If you do not have the appropriate key/certificate entries, click Import to import a private key/certificate pair from a file on your local system. You can also import trusted certificates.

  Note: If you are using SAML 2.0 POST profile, signing assertions is required.

• Assertion Attributes Configuration

  You can configure the Federation Manager asserting party to include specific assertion attributes when it generates an assertion. The recommended method is to define these attributes at the entity level. The entity serves as a template for the partnership so any assertion attributes you define for the entity get propagated to the partnership. The benefit of defining assertion attributes at the entity is that it enables you to use an entity in more than one partnership with the entity configuration already complete.

  If you want to add or remove assertion attributes for the partnership, make such modifications at the partnership level, not at the entity level.

To configure specifics about a remote entity

1. Begin at the Configure Entity step in the UI.
2. Complete any required fields for features and services associated with the remote entity type you are configuring.

   This includes settings for identifying the entity, signature and encryption features and Name ID formats and attributes.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

3. Click Next.

The Confirm dialog is displayed.