The following terms are used in this guide:
A SAML authority that generates an assertion for use by a relying party. The asserting party creates, maintains, and manages identity information for users and provides user authentication to other relying parties. For SAML 1.1, the asserting party is known as the Producer. For SAML 2.0, the asserting party is known as the Identity Provider.
Important! In this guide, the term asserting party is used to mean a producer or an Identity Provider.
A Service Provider component that receives a SAML artifact or an HTTP form with an embedded SAML response and obtains the corresponding SAML assertion. The Assertion Consumer Service issues Federation Manager session cookies, and if you are integrating with SiteMinder, a SiteMinder session cookie.
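The checks an Assertion Consumer Service has to make on an HTTP form with an embedded SAML 2.0 response, before it issues any session cookie, as an added example (not Federation Manager or CA code). The response XML, URLs, entity IDs and request ID are constructed sample data. The example does not verify the XML signature: a real ACS verifies the asserting party's signature over the Response or the Assertion first, and only then trusts the content enough to apply these checks.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
CLOCK_SKEW = timedelta(minutes=3)   # tolerance between IdP and SP clocks


def parse_saml_time(value):
    """xs:dateTime in UTC, e.g. 2010-06-01T12:00:00Z (fractional seconds dropped)."""
    if value is None:
        return None
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def decode_post_form(form):
    """form: the parsed body of the browser's POST to the ACS (SAMLResponse, RelayState)."""
    xml_bytes = base64.b64decode(form["SAMLResponse"], validate=True)
    # stdlib parser for a self-contained example; use a hardened XML parser in production
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    return root, form.get("RelayState")


class AssertionConsumer:
    def __init__(self, acs_url, audience, issuer):
        self.acs_url = acs_url              # Recipient the assertion must name
        self.audience = audience            # this relying party's entity ID
        self.issuer = issuer                # the expected asserting party
        self._seen_ids = set()              # assertion IDs already consumed (replay check)

    def consume(self, response, expected_request_id, now):
        status = response.find("samlp:Status/samlp:StatusCode", NS)
        if status is None or status.get("Value") != SUCCESS:
            raise ValueError("asserting party did not report success")
        assertions = response.findall("saml:Assertion", NS)
        if len(assertions) != 1:
            raise ValueError("expected exactly one assertion")
        a = assertions[0]
        if a.findtext("saml:Issuer", default=None, namespaces=NS) != self.issuer:
            raise ValueError("unexpected issuer")
        aid = a.get("ID")
        if not aid or aid in self._seen_ids:
            raise ValueError("missing or replayed assertion ID")
        cond = a.find("saml:Conditions", NS)
        if cond is None:
            raise ValueError("assertion has no Conditions")
        not_before = parse_saml_time(cond.get("NotBefore"))
        not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
        if not_before is not None and now + CLOCK_SKEW < not_before:
            raise ValueError("assertion not yet valid")
        if not_on_or_after is None or now - CLOCK_SKEW >= not_on_or_after:
            raise ValueError("assertion expired or carries no expiry")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if self.audience not in audiences:
            raise ValueError("assertion is not addressed to this relying party")
        sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
        scd = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
        if sc is None or sc.get("Method") != BEARER or scd is None:
            raise ValueError("no bearer subject confirmation")
        if scd.get("Recipient") != self.acs_url:
            raise ValueError("assertion addressed to a different ACS")
        # IdP-initiated SSO has no request ID: both sides are then None
        if scd.get("InResponseTo") != expected_request_id:
            raise ValueError("assertion does not answer our AuthnRequest")
        self._seen_ids.add(aid)
        attrs = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
                 for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
        return {"name_id": a.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS),
                "attributes": attrs}


# Constructed sample response (unsigned, for the checks above only).
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
 IssueInstant="2010-06-01T12:00:00Z" InResponseTo="_req1" Destination="https://sp.example.com/acs">
 <saml:Issuer>https://idp.example.com</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2010-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs" InResponseTo="_req1"
     NotOnOrAfter="2010-06-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2010-06-01T12:00:00Z" NotOnOrAfter="2010-06-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="mail">
   <saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""
SAMPLE_NOW = datetime(2010, 6, 1, 12, 2, tzinfo=timezone.utc)


def sample_form():
    """The POST body the browser would deliver to the ACS (constructed)."""
    return {"SAMLResponse": base64.b64encode(SAMPLE_RESPONSE_XML.encode("utf-8")).decode("ascii"),
            "RelayState": "/app/home"}


def demo(now=SAMPLE_NOW):
    acs = AssertionConsumer("https://sp.example.com/acs", "https://sp.example.com",
                            "https://idp.example.com")
    response, relay_state = decode_post_form(sample_form())
    return acs.consume(response, "_req1", now), relay_state
```

Only after `consume` returns does the relying party mint its own session cookie (and, when integrated with SiteMinder, the SiteMinder session cookie); RelayState is returned separately because it is attacker-influenced browser input and must be validated as a local redirect target before use.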
A Producer-side service that handles SAML 1.1 authentication using HTTP Artifact binding. This service retrieves the assertion stored at the Producer.
An Identity Provider-side service that performs SAML 2.0 authentication using the HTTP Artifact binding. This service retrieves the assertion stored at the Identity Provider.
A service that enables a Service Provider to generate an AuthnRequest message for cross-domain single sign-on. This message contains information that enables Federation Manager to redirect the browser to the Single Sign-on Service at the Identity Provider. The AuthnRequest service is used for single sign-on using POST and artifact binding.
Note: The format of the AuthnRequest message issued by this service is specified in the Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0.
A feature that allows Federation Manager to use a third-party Web Access Management system to authenticate users and then redirect the users back to Federation Manager to proceed with the federation process.
(Formerly the FEDPROFILE cookie) A cookie that contains user identity information. This cookie supports only PBE encryption algorithms, which are not FIPS-compliant.
At the asserting party, a Java SDK creates the legacy cookie and Federation Manager reads it. At the relying party, Federation Manager creates the legacy cookie for use by Java-based end-user applications. The applications use the Java SDK to read the cookie.
A cookie that contains user identity information. The open format cookie can be encrypted using FIPS or non-FIPS compatible algorithms, depending on how you generate it. You can create an open format cookie using a Federation Manager SDK or create it manually using any programming language that supports UTF-8 encoding.
If you require a FIPS-encrypted open format cookie, use a Federation Manager SDK to create the cookie and to read the cookie. The Federation Manager Java SDK can encrypt the cookie using a FIPS-compliant (AES) algorithm or a non-FIPS (PBE) algorithm. The Federation Manager .NET SDK can encrypt the cookie using only a FIPS-compatible algorithm.
A SAML entity that uses information from a SAML authority to provide access to services. The relying party uses assertions it receives from an asserting party to authenticate a user. For SAML 1.1, the relying party is known as the Consumer. For SAML 2.0, the relying party is known as the Service Provider.
Important! In this guide, the term relying party is used to mean a consumer or a Service Provider.
This service allows a user to log out of all applications in the federation simultaneously with a single logout event. An Identity Provider or a Service Provider can initiate single logout.
For SAML 1.1, the SSO service enables a Producer to process Producer-initiated requests for federated resources.
For SAML 2.0, the SSO service enables an Identity Provider to process IdP- or SP-initiated requests for federated resources.
The Producer/IdP gathers the necessary information from the Consumer/SP to generate an assertion, which it passes back to the Consumer/SP. The Consumer/SP then uses the assertion for authentication.
The Unified Expression Language (UEL) is a special Java expression syntax used primarily by Java web applications. You can use the UEL for embedding expressions into web pages. For Federation Manager, the UEL is the language you must use to define mappings between assertion attributes and application attributes at the relying party.
Copyright © 2010 CA. All rights reserved.