Before you install Federation Manager, be prepared with the following information. You are prompted for it during the installation.
Prior to installing Federation Manager, install a JDK and know its location.
Federation Manager requires that you enter a password during installation. This password is the one you will use to log in to the Federation Manager UI.
Note: The Federation Manager administrator password can contain only English (ASCII) characters.
Important! The deployment mode is chosen only during installation. To change the deployment mode, remove Federation Manager from the system and then re-install it.
Determine how to implement Federation Manager in your environment.
The deployment mode options are:
In a proxy mode deployment, Federation Manager is the main entry point to all backend resources.
Select this mode if:
Note: You can protect the HTTP Headers against modification by an unauthorized user by setting an HTTP Header prefix. More information is available for protecting HTTP Headers in proxy mode.
In a standalone mode deployment, Federation Manager is deployed alongside either SiteMinder Web Agents or third-party web servers. In this case, Federation Manager handles only federation requests; all other requests are handled by the other web servers.
Select this mode if you want to limit federation traffic to Federation Manager and off-load the handling of non-federated web traffic to other web servers.
In standalone mode, you cannot pass user attributes from an assertion using HTTP headers. There is no mechanism between the web server and the browser to add HTTP headers to the response.
You can install Federation Manager in one of the following FIPS modes of operation:
FIPS_COMPAT (compatibility) mode is the default FIPS mode of operation during installation. In FIPS_COMPAT mode, Federation Manager continues to support the current set of non-FIPS algorithms as well as the supported FIPS-compliant algorithms.
FIPS_COMPAT mode is compatible with previous versions of Federation Manager. This compatibility enables environments with a version of Federation Manager earlier than r12.1 to interoperate with r12.1. FIPS_COMPAT is also suitable for any clients who are satisfied with the degree of security available in the current Federation Manager implementation.
If your organization does not require the use of FIPS, install Federation Manager in FIPS_COMPAT mode. No further configuration is required.
In FIPS_ONLY mode, the environment uses only FIPS-compliant algorithms to encrypt sensitive data.
Install Federation Manager in FIPS_ONLY mode for new installations where you want to use only FIPS-compliant algorithms.
Important! Anytime you change the FIPS mode, restart Federation Manager.
Decide if you are going to use Federation Manager at the relying party site to integrate federation functionality with an existing SiteMinder deployment. If you are, select Enable SiteMinder Connector during the installation.
The SiteMinder Connector, together with a custom SiteMinder authentication scheme at the Policy Server, enables the creation of a SiteMinder session for users authenticated by Federation Manager. Because a SiteMinder session is established, these users are not re-challenged by SiteMinder when they access a SiteMinder-protected resource.
The Connector can also be used at the asserting party to create a Federation Manager session from a SiteMinder session. To establish the SiteMinder session, SiteMinder authenticates the user first and then the user visits the asserting party.
Important! The selection of the Connector is made only during installation. To change this selection, re-install Federation Manager.
Identifies the fully qualified domain name of the backend server where Federation Manager forwards the requests for federated resources.
Copyright © 2010 CA. All rights reserved.