Third-party WAM Configuration for Cookie Delegated Authentication
For delegated authentication to succeed, the third-party WAM must adjust its federated application, as follows:
- To communicate the authenticated user login ID through a cookie, the third-party WAM system must generate a cookie.
  - For Java applications, the WAM can use a Federation Manager Java SDK to create a legacy cookie or an open format cookie.
  - For .NET applications, the WAM can use a Federation Manager .NET SDK to create an open format cookie.
  - For languages other than Java and .NET, the WAM can create an open format cookie manually.

  For details on implementing the necessary class and methods, see the Federation Manager Java SDK Guide or the Federation Manager .NET SDK Guide. Each guide is installed with the SDK. If you create an open format cookie manually, review the details about the required contents of the cookie.
- The third party must know the values of the following Federation Manager UI settings, which are configured at the Federation Manager asserting party:
  - Global Cookie Zone
  - Encryption Password
  - Open-format Cookie Name
  - Open-format Cookie Encryption Transformation

  These values are used in the creation of the cookie.
- The third-party WAM system must create a redirect URL that sends the user back to the Federation Manager Single Sign-on service. The Federation Manager Administrator has to communicate the Single Sign-on service to the third party in an out-of-band communication.

Important! After the third-party WAM system receives an authentication request from Federation Manager, it must capture any existing query string that arrives with that request and resend it. The query string can carry Federation Manager request information, so it must be passed along unchanged.
Note: To pass the cookie, the third-party WAM system must be in the same cookie domain as Federation Manager at the asserting party.
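
The following Python sketch is an added example, not code from Federation Manager or its SDKs. It shows one way a manually integrated WAM could resend the incoming query string unchanged on the redirect back, and check that its host falls inside the cookie zone. The URL, host names, parameter names and function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Assumption: placeholder for the Single Sign-on service URL that the
# Federation Manager administrator supplies out of band.
SSO_SERVICE_URL = "https://fm.example.com/sso-placeholder"

# Constructed sample query string (parameter names are illustrative only).
SAMPLE_QUERY = "p1=a%2fb&p2=x+y%20z&empty="


def build_return_redirect(raw_query: str, sso_url: str = SSO_SERVICE_URL) -> str:
    """Build the redirect back to Federation Manager.

    raw_query is the undecoded query string of the incoming authentication
    request (for example WSGI's environ["QUERY_STRING"]). The base URL comes
    only from configuration, never from the request.
    """
    # Refuse control characters instead of rewriting them: the value ends up
    # in a Location header and must otherwise stay byte for byte identical.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw_query):
        raise ValueError("control character in query string")
    if not raw_query:
        return sso_url
    separator = "&" if "?" in sso_url else "?"
    return sso_url + separator + raw_query


def reencode_lossy(raw_query: str) -> str:
    """What NOT to do: a parse/re-encode round trip alters the string."""
    return urlencode(parse_qsl(raw_query))


def host_in_cookie_zone(host: str, cookie_zone: str) -> bool:
    """True if host falls inside the cookie zone (e.g. ".example.com")."""
    zone = cookie_zone.lstrip(".").lower()
    host = host.lower()
    return host == zone or host.endswith("." + zone)


if __name__ == "__main__":
    print(build_return_redirect(SAMPLE_QUERY))
    print(reencode_lossy(SAMPLE_QUERY))  # differs from SAMPLE_QUERY
    print(host_in_cookie_zone("wam.example.com", ".example.com"))
```

The round trip in `reencode_lossy` changes the hex case of escapes, turns `%20` into `+` and drops the blank parameter, which is why the raw string is appended instead of a parsed copy.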