The following features do not work when the simple_url session scheme is configured for the SPS:
As part of a single sign-on request, a Service Provider may request that a particular user attribute be included in the assertion; however, the value of the required attribute may not be available in the user record at the Identity Provider.
If the Service Provider's request includes the Allow/Create attribute and the Identity Provider is configured to create a new identifier, the Policy Server at the Identity Provider will generate a unique value as part of the NameID. This value is then included in the assertion that is sent back to the Service Provider.
When using the SPS, the SAML 2.0 Allow/Create functionality fails with the simple_url session scheme on the Service Provider side. However, the Allow/Create feature does work with the default session scheme.
The SAML 2.0 single logout feature is not supported when the SPS is configured to use the simple_url session scheme. However, single logout does work with the default session scheme.
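The following Python code is an added example, not part of the CA documentation or of SiteMinder: it reads SAML 2.0 AuthnRequest messages and reports which Service Providers set AllowCreate on NameIDPolicy, so an administrator can tell which partners depend on the feature described above. The sample requests, issuer URLs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample requests (not captured traffic); IDs and hosts are placeholders.
REQUEST_WITH_ALLOW_CREATE = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2011-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.com</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>"""

REQUEST_WITHOUT_POLICY = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example2" Version="2.0" IssueInstant="2011-01-01T00:00:00Z">
  <saml:Issuer>https://sp2.example.com</saml:Issuer>
</samlp:AuthnRequest>"""


def name_id_policy(authn_request_xml):
    """Return the issuer, NameID format and AllowCreate flag of one AuthnRequest."""
    # SAML messages never need a DTD; refuse one before it reaches the parser.
    if "<!DOCTYPE" in authn_request_xml.upper():
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    # AllowCreate is an xs:boolean ("true"/"1"); SAML defines the default as false.
    raw = policy.get("AllowCreate", "false") if policy is not None else "false"
    return {
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "format": policy.get("Format") if policy is not None else None,
        "allow_create": raw.strip().lower() in ("true", "1"),
    }


def issuers_using_allow_create(requests):
    """List the issuers whose requests ask the Identity Provider to create an identifier."""
    parsed = [name_id_policy(r) for r in requests]
    return [p["issuer"] for p in parsed if p["allow_create"]]


if __name__ == "__main__":
    print(issuers_using_allow_create([REQUEST_WITH_ALLOW_CREATE, REQUEST_WITHOUT_POLICY]))
```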
SiteMinder supports the use of a custom web application to supply user attributes to the SiteMinder Single Sign-on service. The SiteMinder-provided sample web application, sample_application.jsp, cannot be used if a simple_url session scheme is configured for the SPS at the Identity Provider.
For more information about these SAML 2.0 features, see the CA SiteMinder Federation Security Services Guide.
Copyright © 2011 CA. All rights reserved.