SAML 1.x Authentication Schemes

A consumer is a site that uses a SAML 1.x assertion to authenticate a user.

Note: A site can be a SAML producer and a SAML consumer.

Any SOA Security Manager site with CA SiteMinder Federation Security Services functionality can consume SAML 1.x assertions and use them to authenticate users. To complete authentication, the consuming site must be able to match the information in the assertion against an entry in its own user directory.

SOA Security Manager provides the following SAML 1.x authentication methods:

The SAML-based authentication schemes let a consumer site authenticate a user. Consuming a SAML assertion and establishing a SOA Security Manager session enables cross-domain single sign-on. After the user is identified, the consumer site can authorize the user for specific resources.

The following illustration shows the major components for authentication at the consumer site.

SAML 1.x Authentication Scheme Components

Note: The SPS federation gateway can replace the Web Agent and Web Agent Option Pack to provide the SiteMinder Federation Web Services application functions. For information about installing and configuring the SPS federation gateway, see the CA SiteMinder Secure Proxy Server Administration Guide.

The SAML 1.x authentication scheme is configured at the consumer-side Policy Server. The SAML credential collector is a component of the Federation Web Services application. The credential collector is installed on the consumer-side Web Agent, or on an SPS federation gateway. The credential collector obtains information from the SAML authentication scheme at the Policy Server, then uses that information to access a SAML assertion.

The SAML assertion becomes the credentials that grant access to the Policy Server at the consumer site. The user is authenticated and authorized, and if authorization is successful, the user is redirected to the target resource.
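The passage above describes the assertion becoming the user's credentials at the consumer. The following is an added example, not SiteMinder or SOA Security Manager code, of the checks a consumer performs on a SAML 1.1 assertion before it maps the subject to a directory entry: the expected issuer, the `NotBefore`/`NotOnOrAfter` validity window, the `AudienceRestrictionCondition`, and the `NameIdentifier` lookup. The issuer, audience, directory contents and the sample assertion are all constructed for this illustration; the example assumes the caller has already verified the XML signature over the assertion, which is outside its scope.

```python
"""Consumer-side checks on a SAML 1.1 assertion (added example, not product code).

Assumes the caller already verified the XML signature; this module covers only
the issuer, validity-window, audience and directory-mapping checks.
"""
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML1_NS}

# Constructed consumer-side configuration (hypothetical values).
EXPECTED_ISSUER = "https://producer.example.com"
EXPECTED_AUDIENCE = "https://consumer.example.com"

# Constructed stand-in for the consumer's user directory: NameIdentifier -> user record.
USER_DIRECTORY = {
    "alice@example.com": {"uid": "alice", "groups": ["employees"]},
}

# Constructed SAML 1.1 assertion (signature element omitted; see module docstring).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML1_NS}"
    MajorVersion="1" MinorVersion="1" AssertionID="_example-assertion-id"
    Issuer="{EXPECTED_ISSUER}" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2024-01-01T12:00:00Z">
    <saml:Subject>
      <saml:NameIdentifier
          Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def _parse_instant(value):
    # SAML 1.x timestamps are UTC ISO 8601 with a trailing Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, expected_issuer=EXPECTED_ISSUER,
                       expected_audience=EXPECTED_AUDIENCE, directory=USER_DIRECTORY):
    """Return (user_record, None) on success or (None, reason) on failure."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML1_NS}}}Assertion":
        return None, "not a SAML 1.x assertion"
    if root.get("MajorVersion") != "1":
        return None, "unsupported MajorVersion"
    # Only assertions from the configured producer are acceptable credentials.
    if root.get("Issuer") != expected_issuer:
        return None, "unexpected issuer"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return None, "missing Conditions"
    # Reject assertions without a bounded validity window rather than treating them as open-ended.
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        return None, "validity window not bounded"
    if now < _parse_instant(not_before) or now >= _parse_instant(not_on_or_after):
        return None, "assertion outside validity window"
    # The consumer must appear in the audience restriction, or the assertion was meant for another site.
    audiences = [a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if expected_audience not in audiences:
        return None, "audience restriction not satisfied"
    name_id = root.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name_id is None or not name_id.text:
        return None, "missing NameIdentifier"
    # Map the asserted subject to a local directory entry; no match means no authentication.
    user = directory.get(name_id.text.strip())
    if user is None:
        return None, "subject not found in user directory"
    return user, None


def check_at(iso_instant, xml_text=SAMPLE_ASSERTION, **overrides):
    """Evaluate the assertion as of the given UTC instant (convenience wrapper)."""
    return validate_assertion(xml_text, _parse_instant(iso_instant), **overrides)


if __name__ == "__main__":
    print(check_at("2024-01-01T12:01:00Z"))   # inside the window, known subject
    print(check_at("2024-01-01T12:06:00Z"))   # expired
    print(check_at("2024-01-01T12:01:00Z", expected_audience="https://other.example.com"))
```

The clock is passed in explicitly so the validity-window check can be tested against fixed instants; a deployment would supply the current UTC time and typically allow a small, configured clock skew.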