Configuration Guides › Federation Security Services Guide › Configure SOA Security Manager as an Account Partner › Allow Access to the Federation Web Services Application

Allow Access to the Federation Web Services Application

After you add affiliates to an affiliate domain, the affiliates need permission to access the Federation Web Services application. When you install the [set to your product name], the FederationWebServicesDomain is installed by default. This domain includes the following policies:

• FederationWSAssertionRetrieval
• FederationWSNotificationService
• FederationWSSessionServicePolicy
• SAML2FWSArtifactResolutionServicePolicy

To specify permission to the Federation Web Services application

1. From the Domains tab, expand FederationWebServicesDomain and select Policies.
2. Select one of the policies, and click Edit, Properties of Policy.

   For SAML 1.x, permit access to the following:

   •   FederationWSAssertionRetrieval
   •   FederationWSNotificationService
   •   FederationWSSessionServicePolicy

   For SAML 2.0, permit access to SAML2FWSArtifactResolutionServicePolicy

   The SiteMinder Policy dialog opens.

3. From the Users tab, select one of the following:
   • FederationWSCustomUserStore tab for SAML 1.x
   • SAML2FederationCustomUserStore tab for SAML 2.0.

   The Users/Groups dialog opens.

   The consumers, Service Providers, and Resource Partners are the "users" included in the listed user stores.

4. Click Add/Remove on the appropriate tab.
5. From the Available Members list, select the affiliate domains that need access to Federation Web Services then move them to the Current Members list.
6. Click OK to return to the Policy List.
7. Repeat this procedure for all policies relevant for the SAML version you are using.