CA Adapter Windows Installation Guide › Configuring the Service Provider’s Application

Configuring the Service Provider’s Application

This chapter provides an overview of how to integrate your SAML enabled applications with AFM. The JSPs explained in this chapter are available in the application_server_home\webapps\arcotafm\ directory.

master.jsp: This JSP provides pointers to the JSPs for the individual workflows that are configured in the JSPs listed in the "Authentication Flow Manager" section.
To integrate your application with AFM, you need to configure your application to send authentication or user migration request to the master.jsp file. You can configure your application to send a request in any one of the following ways:
1. Service Provider Initiated Workflow: In this approach, the Service Provider’s application sends the authentication request to AFM. In this approach, the parameters described in the following table must be passed in the request.

Parameter	Description
SigAlg	The algorithm used by your application for signing the request.
Signature	The signature of the parameters as explained in the SAML Protocol.
SAMLRequest	Base64 encoded SAML request.
RelayState	This is an opaque reference to the state on the Service Provider’s side. This is an optional parameter.
Profile	This is the AFM profile created from Wizard. This defines the primary and secondary authentication mechanisms and other related configurations.
Processreq	This is used by AFM.

Identity Provider Initiated Workflow: In this workflow the user can either directly hit the AFM URL or the Service Provider can redirect the user’s authentication request to AFM with the parameters described in the following table.

Parameter	Description
Profile	This is the AFM profile created from Wizard. This defines the primary and secondary authentication mechanism and other related configurations.
Processreq	This used by AFM.

If you are using the second approach (Step ), then you need to configure the AssertionConsumerServiceURL property in the saml_config.properties file. This property specifies the URL where the SAML response (generated after authentication) has to be posted back.

After user’s authentication request is processed, AFM generates a SAML response and sends it back to the Service Provider’s application. The Service Provider’s application needs to verify this response. You may need to configure the following properties based on your SAML Service Provider implementation:

SignSamlAssertionOnly: Specify whether the complete SAML response or only the assertion part of the response needs to be signed.
CanonicalizationMethod: Specify the canonicalization method that is applied to the SAML response before signing it.

settings.jsp: This JSP is used to enable end users to update their credentials. The workflow defined in this JSP updates the credentials of the user. When you integrate this JSP in your application, ensure that a link to this JSP is displayed to the end user only after successful authentication. Use the following format for the URL that leads to this JSP:
```
/arcotafm/settings.jsp?profile=<profile-name>
```
This URL must also include a signed SAML request in the query parameter.
masterEnrollment.jsp: The workflow defined in this JSP enrolls the user for the configured AuthMinder credentials. This is done after authenticating the user with LDAP, OTP, or both, depending on the configuration. If a profile has been configured in the AFM wizard, then to enroll the user for the credentials configured in the profile, ensure that a request parameter is sent from your application to this JSP in the following format:
```
arcotafm/masterEnrollment.jsp?profile=<profile-name>
```