The session server stores data for the following federation features:
- When artifact authentication is used (SAML 1.x or 2.0), the assertion generator produces a SAML assertion with an associated artifact. The artifact identifies the generated assertion. The asserting party returns the artifact to the relying party. The assertion is stored in the session server until the relying party uses the artifact to retrieve the assertion.
  Note: SAML POST profile authentication does not store assertions in the session server.
- With SAML 2.0 single logout enabled, either partner can store information about the user session in the session server. When a single logout request is completed, the session information for the user is removed.
- With WS-Federation sign-out enabled, the WS-Federation authentication scheme puts context information into the session server so that a sign-out request can be generated. When a sign-out request is completed, the session information for the user is removed.
- For SAML 2.0 and WS-Federation, SOA Security Manager enforces a single-use policy using expiry data. Expiry data is time-based data about the assertion. The authentication scheme stores the expiry data in the session server. Expiry data verifies that a SAML 2.0 POST or WS-Federation assertion is used only once.
Copyright © 2011 CA. All rights reserved.