Configuration Guides › Federation Security Services Guide › Configure SOA Security Manager as a SAML 1.x Producer › Protect the Authentication URL to Create a SiteMinder Session (SAML 1.x)

Protect the Authentication URL to Create a SiteMinder Session (SAML 1.x)

When you add a consumer to an affiliate domain, you are required to set the Authentication URL field. The Authentication URL must point to the redirect.jsp file. The purpose of this URL is to establish a session at the producer.

The redirect.jsp file is installed at the asserting party where you install the Web Agent Option Pack or the SPS federation gateway. Because a SOA Security Manager policy protects the redirect.jsp file, the Web Agent presents an authentication challenge to users who request a protected consumer resource but do not have a SOA Security Manager session.

After a user is authenticated and successfully accesses the redirect.jsp file, a session is established. The redirect.jsp file redirects the user back to the producer Web Agent. The Agent can process the request and generate the SAML assertion.

The procedure for protecting the Authentication URL is the same in all of the following set-ups:

• Web Agent Option Pack installed on the same system as the Web Agent
• Application server with a Web Agent installed on a web server proxy
• Application server protected by an Application Server Agent
• SPS federation gateway installed at the asserting party.