Federation Manager Guide › Federation Partnerships › Partnership Creation

Partnership Creation

The main purpose of Federation Manager is to establish a partnership between two organizations so they can share user identity information and facilitate single sign-on (SSO). A Federation Manager partnership consists of two entities at two different sites—one local and one remote. Either entity can assume the role of the asserting party, the side which produces assertions or the relying party, the side which consumes assertions.

If Federation Manager is installed at both sites, each site must define a partnership. For each local asserting party-to-relying party partnership at one site, there has to be a reciprocal local relying party-to-asserting party partnership at the partner site. The two definitions define a single partnership.

For example, in the following figure SiteA has been configured as the local SAML 2.0 IdP and has specified SiteB as the remote SAML 2.0 SP. SiteB has been configured as the local SAML 2.0 SP, and SiteA is its remote SAML 2.0 IdP.

Note: An asserting party can have partnerships with more than one relying party and a relying party can establish partnerships with more than one asserting party.

Creating a federation partnership consists of the following steps:

1. Specify the partnership type.
2. Configure the following partnership details:
   1. Partnership name and the participating entities
   2. Federation users (local asserting party only)
   3. Name ID format and other assertion attributes (local asserting party only)
   4. User identification (local relying party only)
   5. Single sign-on (SSO)
   6. Single logout (SLO) – SAML 2.0 only
   7. Signing
   8. Encryption – SAML 2.0 only

   These steps are detailed in this chapter.