Affiliate objects define parameters used by the SAML Assertion Generator to produce SAML 1.x assertions for use in WS-Security SAML tokens.
To configure affiliate domains and affiliate objects, follow the associated procedures in the CA SiteMinder Federation Security Services Guide. However, because SOA Security Manager does not use the affiliate object to define an affiliate organization, you do not need to specify all the options.
Note: When you configure an affiliate object for use by SOA Security Manager, you are not defining an affiliate organization for which the assertion is intended. Assertions generated for SOA Security Manager can be sent to any web service protected by the WS-Security authentication scheme (or similarly capable third-party security application).
The following table summarizes all the affiliate configuration parameters. For each parameter, the table either describes its function in generating SAML assertions for SOA Security Manager or indicates that the parameter is not required.
| Affiliate Dialog Element | Field Name | Purpose for SOA Security Manager SAML Assertion Production |
|---|---|---|
| Main panel | Name | Specifies the name of the affiliate object (must be unique across all affiliate domains). This name is referenced by WS-Security policy responses (by defining a txm_wssec_saml_affiliate attribute whose value matches the name of the affiliate object). |
| | Description | Not used by SOA Security Manager. |
| | Password | Not used by SOA Security Manager. |
| | Enabled | Select the Enabled check box to activate the affiliate object. This option must be set for SOA Security Manager to produce SAML 1.x assertions. |
| | Allow Notification | Not used by SOA Security Manager. |
| | Authentication URL | Not used by SOA Security Manager. |
| Users tab | Select users | Specifies the users and groups (from the user directory or directories defined in the affiliate domain) for whom assertions should be generated. |
| Assertions tab (Optional) | Audience | Specifies the URI of a document that describes the terms and conditions of the agreement between the token issuer and consumer. This value is added to the assertion and can be used for authentication purposes. (If a request's assertion token contains an audience value, that value must match one specified in the WS-Security scheme for the request to be authenticated.) Additionally, the web service can parse the actual audience document to obtain additional information. |
| | Validity duration | Specifies the amount of time, in seconds, that the assertion will be valid. |
| | Skew time | Specifies the difference, in seconds, between the system clock time of the SAML assertion producer and the system clock time of the SAML assertion consumer. |
| Session tab | Shared sessioning | Not used by SOA Security Manager (leave option unset). |
| | Sync interval | Not used by SOA Security Manager (leave blank). |
| Attributes tab (Optional) | Affiliate Attribute dialog (opened from the Attributes tab by clicking the Create button) | Not required for SOA Security Manager assertion production. However, if specified, an attribute statement is included in the assertion that can be used in authentication and authorization decisions. |
| IP addresses tab (Optional) | Add an IP Address dialog (opened from the IP Addresses tab by clicking the Add button) | Specifies the list of IP addresses that are allowed to generate SAML assertions. |
| Time restrictions tab (Optional) | N/A | Specifies the times when assertions can be issued. |
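
The Audience, Validity duration and Skew time settings surface in the `Conditions` element of the generated SAML 1.x assertion. The following added example (not CA code, and not taken from the SiteMinder guide) shows how a consuming web service could check them. The function names, the sample assertion, and the choice to apply skew as a tolerance on both ends of the validity window are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML1 = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed sample: a SAML 1.1 assertion reduced to its Conditions element.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
    Issuer="issuer.example" IssueInstant="2011-06-01T12:00:00Z">
  <saml:Conditions NotBefore="2011-06-01T12:00:00Z"
                   NotOnOrAfter="2011-06-01T12:01:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://partner.example/terms.html</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC in the form 2011-06-01T12:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_conditions(xml_text, now, allowed_audiences, skew_seconds=0):
    """Return (ok, reason). Signature verification must happen before this
    check and is out of scope for the example."""
    cond = ET.fromstring(xml_text).find(SAML1 + "Conditions")
    if cond is None:
        return False, "no Conditions element"
    skew = timedelta(seconds=skew_seconds)  # assumption: tolerance on both ends
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < _ts(not_before):
        return False, "not yet valid"
    if not_on_or_after and now - skew >= _ts(not_on_or_after):
        return False, "expired"
    # Per the table: an audience present in the token must match a configured one.
    audiences = [a.text.strip() for a in cond.iter(SAML1 + "Audience") if a.text]
    if audiences and not set(audiences) & set(allowed_audiences):
        return False, "audience mismatch"
    return True, "ok"
```

A short validity duration with a small skew limits how long a captured token can be replayed, at the cost of rejecting requests when the producer and consumer clocks drift further apart than the configured skew.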
Copyright © 2011 CA. All rights reserved.