Single Sign-On Service › SSO Getting Started Guide › SSO using a Third-party IdP and Self-registration › Configure Federated Partnerships › Create the Local SP-to-Remote IdP Partnership › Specify the Target Application

Specify the Target Application

From the Application Integration step, the Target Application section is where you define how a user is redirected to the target application. The redirection method that you select depends on the type of data you want to pass with the user to the target application.

Follow these steps:

1. Navigate to the Application Integration step in the partnership wizard.
2. In the Redirect Mode field, select a redirection method. Consider the following information:
   • If you select Cookie Data, you can URL-encode attribute data in the cookie by selecting the URL Encode Attribute Cookie Data check box.
   • If you select the open-format cookie, configure the additional required settings. You can also enable optional settings.

     If the relying party receives an assertion with multiple attribute values, CA SiteMinder® passes all values to the target application in the cookie.

   • If you select one of the FIPS-compatible algorithms (AES algorithms), use a Federation Manager SDK to generate the open-format cookie. If you use the .NET SDK, use only the AES128/CBC/PKCS5Padding encryption algorithm.

     The target application must use the same language as the SDK that creates the cookie. If you are using the Federation Manager Java SDK, the application must be in Java. If you are using the .NET SDK, the application must support .NET.

   • If you select HTTP Headers as the redirect mode, the system can deliver multiple attribute values in a single header. Separate each attribute value with a comma.

     Learn more about using HTTP Headers as the redirect mode and how to protect the headers.

   Note: Click Help for a description of fields, controls, and their respective requirements.

3. Enter the URL of the target application in the Target field.

   If a proxy sits in front of the server with the target resource, enter the URL for the proxy host. The proxy handles all federation requests locally. The proxy host can be any system that sits in front of the target server. The proxy host can also be CA SiteMinder® itself, provided CA SiteMinder® is being accessed directly from the Internet. Ultimately, when operating with a proxy, the URL you specify as the target must go through CA SiteMinder®. For example, if the base URL is fed.demo.com and the backend server resource is mytarget/target.jsp, the value for this field is http://fed.demo.com:5555/mytarget/target.jsp.

   For SAML 2.0, you can leave this field blank if you override it with the RelayState query parameter. The RelayState query parameter can part of the URL that triggers single sign-on. To enable this override, select the Relay state overrides target check box.

Setting up redirection to the target is complete.

Partnership Confirmation

Review the partnership configuration before saving it.

Follow these steps:

1. Review the settings in the Confirm step of the Partnership wizard.
2. Click Modify in each group box to change any settings.
3. Click Finish when you are satisfied with the configuration.

The partnership configuration is complete.