The following sample configuration is from the perspective of a SAML 2.0 IdP > SP partnership. The delegated authentication settings are on the SSO and SLO tab of the Partnership wizard.
In this sample, the Identity Provider is http://idp1.xyz.com and the third-party WAM system is http://wamservice.xyz.com.
To configure cookie delegated authentication
Note: To edit a partnership, deactivate it first.
Delegated
Select the cookie option that suits your environment.
Legacy cookie
For Java-only applications
Open format cookie
For use with a web access management application. You can use a Federation Manager SDK to create a Java or .NET application or you can use an application written in another language, provided you build the open format cookie manually.
If you require FIPS 140-2 encryption, you must create the open format cookie using the Federation Manager Java or .NET SDK.
http://wamservice.xyz.com
This is the URL of the third-party WAM system that authenticates users and uses a Federation Manager SDK to create the cookie.
Enter the authentication method used at the third party. For example:
urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
These values are used in the creation of the cookie.
To configure query string delegated authentication
Note: To edit a partnership, deactivate it first.
Delegated
Query String
http://wamservice.xyz.com
This is the URL of the third-party WAM system that authenticates users and constructs the redirect URL back to Federation Manager with the query parameters.
FederatedAuth1
The third-party WAM system uses this secret to hash the login ID.
FederatedAuth1
Enter the authentication method used at the third party. For example:
urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
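The query string exchange described above, as an added example (not CA's code and not Federation Manager's actual wire format): the WAM side appends the login ID and a keyed hash of it to the redirect URL, and the receiving side recomputes the hash with the shared secret before trusting the login ID. The parameter names login_id and login_id_hash, the HMAC-SHA-256 construction, and the return URL path are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions (not from the product documentation): the parameter names,
# the use of HMAC-SHA-256, and the return path are illustrative only.
SECRET = b"FederatedAuth1"  # sample secret value from the page's configuration
RETURN_URL = "http://idp1.xyz.com/delegated-return"  # hypothetical return path


def login_id_hash(login_id: str, secret: bytes) -> str:
    """Keyed hash of the login ID, hex encoded."""
    return hmac.new(secret, login_id.encode("utf-8"), hashlib.sha256).hexdigest()


def build_redirect(login_id: str, secret: bytes = SECRET) -> str:
    """WAM side: after authenticating the user, build the redirect URL."""
    query = urlencode({
        "login_id": login_id,
        "login_id_hash": login_id_hash(login_id, secret),
    })
    return f"{RETURN_URL}?{query}"


def verify_redirect(url: str, secret: bytes = SECRET):
    """Receiving side: return the login ID if its hash verifies, else None."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    ids = params.get("login_id", [])
    hashes = params.get("login_id_hash", [])
    # Reject missing or duplicated parameters instead of picking one of them.
    if len(ids) != 1 or len(hashes) != 1:
        return None
    expected = login_id_hash(ids[0], secret)
    # Compare as bytes in constant time so a mismatch leaks no position info
    # and non-ASCII input in the supplied hash cannot raise an exception.
    if hmac.compare_digest(expected.encode("ascii"), hashes[0].encode("utf-8")):
        return ids[0]
    return None
```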
Copyright © 2010 CA. All rights reserved.