Federation Manager Guide › Federation Manager Introduction › Overview

Overview

Enterprise applications and services continue to become increasingly distributed across organizations. As a result, the need for secure but seamless access to services from one domain to another has increased. Federated partnerships address this need by enabling identity information to be flexible and portable, offering secure single sign-on and single logout across a network of trusted business partners.

CA Federation Manager enables customers to establish federated partnerships in a flexible way, together with or independent of a Web access management system. Federation Manager offers an easy-to-deploy solution for standards-based federation. Using Federation Manager, an organization can act as the asserting party or the relying party. The asserting party provides user authentication and assertion of identity. The relying party consumes a user identity to allow access to web resources and services.

Federation Manager offers the following features:

• SAML 1.1 and SAML 2.0 protocol support.
• Support for FIPS 140-2 compatible encryption.
• A simple installation and network deployment.
• A standalone product that does not require the existence of any federation software on the target system.
• The ability to generate SAML assertions, which can include identity information and attributes from a user store.
• The capability to send the assertion to the relevant federated partner.
• For the artifact profile, the ability to store a SAML assertion until the relying party retrieves the assertion.
• The ability to be deployed as a standalone entity or together with CA SiteMinder Web Access Manager for federation and access control.
• An intuitive user interface.
• The ability to pass identity data to a target application as an encrypted cookie or header.

Federation Manager Components

Federation Manager includes the following components:

• Secure proxy engine

  Forwards traffic to backend servers. This engine employs web server, servlet engine, proxy server and federation web services features.

  The secure proxy engine includes the following components:

  • Apache Web Server

    Acts as the HTTP listener, handling HTTP traffic for incoming requests, and can handle HTTPS traffic, once properly configured.

  • Tomcat server

    Provides a servlet container for the operation of the Federation Manager UI. The Apache web server communicates to the Tomcat server via a Tomcat connector called mod_jk.

• Federation server

  Enables user directory connectivity, authentication functions, and session store abilities.

• Extensible policy store

  Stores all Federation Manager data objects.

• Web-based user interface

  Administers the configuration of federation entities and partnerships, private keys and certificates, and various server settings.