

Overview of the Federation Manager .NET SDK

This section contains the following topics:

Architecture of the .NET SDK

Programming Prerequisites

Architecture of the .NET SDK

The Federation Manager .NET SDK enables a .NET application to take part in federation. Using the .NET SDK, .NET applications can provide user information to Federation Manager and can consume user information provided by Federation Manager. The .NET SDK uses a global open format cookie to represent user identity and to encapsulate the user principal and attributes. The .NET SDK encrypts the cookie with a key derived from a shared secret. Any application that knows the shared secret and the cryptographic transform can consume the cookie and retrieve the user information it carries. The .NET SDK uses the AES algorithm to encrypt and decrypt the open format cookie.

A .NET application on the asserting party side uses the .NET SDK to pass the login ID of an authenticated user to Federation Manager. Federation Manager extracts the login ID from the cookie and adds it to a Federation Assertion, which is sent to the relying party. Federation Manager can add attributes to the cookie and change some of the cookie settings, for example, the maximum age of the cookie. A .NET application on the relying party side uses the .NET SDK to retrieve the user and session-related information sent by Federation Manager.

The following diagram shows the role of the .NET SDK at the asserting party and the relying party:

Illustration: how the software works with the .NET SDK and an open format cookie.

Programming Prerequisites

The .NET SDK is implemented in C#, using only features that are part of the Microsoft Common Language Specification (CLS). The .NET SDK is therefore accessible from applications written in any language that supports the CLS, for example, Visual Basic .NET, Visual C# .NET, and Visual C++ .NET.

The .NET SDK interfaces are available through CA.Federation.FedIdentitySdk.dll. A .NET application references this DLL and accesses the interfaces through the namespace CA.Federation.FedIdentitySdk.

The .NET application has to pass the cookie zone, the cookie name, and the shared secret to the .NET SDK. The .NET application can store this data in any way convenient, for example, in a configuration file. The application can store the shared secret (the encryption password) in encrypted form, but must decrypt it before passing it to the .NET SDK; the password must be passed as a plain-text character array. The configuration values of cookie zone, cookie name, and encryption password must be the same on both sides (the .NET application and Federation Manager). These values are communicated out-of-band.
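One way for a .NET application to keep the shared secret encrypted at rest and still hand it to the SDK as the plain-text char array described above. This is an added example, not code from the SDK or from CA: the appSettings keys (FedCookieZone, FedCookieName, FedSharedSecretProtected), the FedSdkConfig class, and the use of Windows DPAPI (System.Security.Cryptography.ProtectedData) for the at-rest encryption are all assumptions; the SDK call itself is left as a comment because this page does not document the SDK API.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;   // ProtectedData lives in System.Security.dll
using System.Text;

// Hypothetical helper that loads the three values the SDK needs from appSettings.
// FedSharedSecretProtected holds the shared secret, DPAPI-protected and base64-encoded.
static class FedSdkConfig
{
    public static string CookieZone => ConfigurationManager.AppSettings["FedCookieZone"];
    public static string CookieName => ConfigurationManager.AppSettings["FedCookieName"];

    // Unprotect the stored secret and return it as the plain-text char[] the SDK expects.
    // The caller owns the array and should clear it as soon as the SDK call returns.
    public static char[] GetSharedSecret()
    {
        string encoded = ConfigurationManager.AppSettings["FedSharedSecretProtected"];
        if (string.IsNullOrEmpty(encoded))
            throw new ConfigurationErrorsException("FedSharedSecretProtected is not set.");

        byte[] protectedBytes = Convert.FromBase64String(encoded);
        byte[] plainBytes = null;
        try
        {
            // LocalMachine scope: the value can only be unprotected on the machine
            // that protected it, which is appropriate for a server-side secret.
            plainBytes = ProtectedData.Unprotect(protectedBytes, null, DataProtectionScope.LocalMachine);
            return Encoding.UTF8.GetChars(plainBytes);
        }
        finally
        {
            // Do not leave a second plaintext copy behind in the byte[].
            if (plainBytes != null) Array.Clear(plainBytes, 0, plainBytes.Length);
        }
    }

    // One-time step used to produce the protected value that is stored in the config file.
    public static string ProtectSharedSecret(string secret)
    {
        byte[] plainBytes = Encoding.UTF8.GetBytes(secret);
        try
        {
            return Convert.ToBase64String(
                ProtectedData.Protect(plainBytes, null, DataProtectionScope.LocalMachine));
        }
        finally { Array.Clear(plainBytes, 0, plainBytes.Length); }
    }
}

// Usage pattern at the SDK boundary: unprotect, hand over, then clear the char[].
// char[] secret = FedSdkConfig.GetSharedSecret();
// try { /* SDK call taking FedSdkConfig.CookieZone, FedSdkConfig.CookieName, secret */ }
// finally { Array.Clear(secret, 0, secret.Length); }
```

Because DPAPI binds the protected value to the machine (or user) that created it, the protected string must be generated on each server where the application runs, while the underlying shared secret remains the same value that Federation Manager is configured with.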