Configuration GuidesFederation Security Services GuideOverview of a SiteMinder Federation Partnership SetupSet Up Producing Authority Components › Set up Affiliate Domains and Add Sites to these Domains

Previous Topic: Install the Producing-side Policy Server

Next Topic: Install a Web Agent or SPS Federation Gateway (Producing-side)
Set up Affiliate Domains and Add Sites to these Domains

Before you set up Federation Web Services, you establish affiliate domains and add the sites that consume assertions to the affiliate domains. The affiliate domains identify the partners to the site producing the assertions.

At the producing authority:

  1. Access the FSS Administrative UI.
  2. Create an affiliate domain.
  3. Add a user store for users that the producing authority (producer, IdP, AP) generates assertions.
  4. Add an object for each consuming authority (consumer, SP, RP) to the affiliate domain.

    There should be a one-to-one correspondence between a consuming authority and each object added to the domain.

  5. After you add sites to an affiliate domain, verify that you protect the AuthenticationURL. This verification affirms that a user has a session at the producing authority prior to process a request for a federated resource.

    To do this task:

    1. Create a policy domain.
    2. Protect the policy domain with the Web Agent that is protecting the server with the Web Agent Option Pack.
    3. To this policy domain, add a realm, rule, and policy that protects the Authentication URL.

More Information:

Add Entities to an Affiliate Domain

Protect the Authentication URL to Create a SiteMinder Session (SAML 1.x)

Protect the Authentication URL to Create a SiteMinder Session (SAML 2.0)