The following terms are used in this guide:
A SAML authority that generates an assertion for use by a relying party. The asserting party creates, maintains, and manages identity information for users and provides user authentication to relying parties. For SAML 1.1, the asserting party is known as the Producer. For SAML 2.0, the asserting party is known as the Identity Provider.
Important! In this guide, the term asserting party is used to mean a producer or an Identity Provider.
A Service Provider component that receives a SAML artifact or an HTTP form with an embedded SAML response and obtains the corresponding SAML assertion. The Assertion Consumer Service issues partnership federation session cookies, and if you are integrating with SiteMinder, a SiteMinder session cookie.
A Producer-side service that handles SAML 1.1 authentication using the HTTP Artifact binding. The Consumer sends the artifact it received to this service, which returns the corresponding assertion from the Producer.
An Identity Provider-side service that performs SAML 2.0 authentication using the HTTP Artifact binding. The Service Provider sends the artifact it received to this service, which returns the corresponding assertion from the Identity Provider.
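Both artifact services above work on the same principle: the browser carries only a short, opaque artifact, and the relying party must decode it, identify which partner issued it, and send it back to that partner over a direct back channel to obtain the assertion. The following is an added example, not code from the CA documentation or product. It encodes and decodes the two artifact layouts defined in the public SAML specifications (SAML 1.1 type 0x0001: TypeCode, 20-byte SourceID, 20-byte AssertionHandle; SAML 2.0 type 0x0004: TypeCode, 2-byte EndpointIndex, 20-byte SourceID, 20-byte MessageHandle). The partner registry, entity IDs and resolution URLs are hypothetical values constructed for the example; the only real-world assumption is that SourceID is the SHA-1 of the issuer's identifier, which is what the bindings specifications describe as the typical choice.

```python
import base64
import hashlib
import struct

# Artifact type codes from the SAML 1.1 and SAML 2.0 Bindings specifications.
TYPE_SAML11 = 0x0001  # TypeCode(2) + SourceID(20) + AssertionHandle(20) = 42 bytes
TYPE_SAML2 = 0x0004   # TypeCode(2) + EndpointIndex(2) + SourceID(20) + MessageHandle(20) = 44 bytes


def source_id_for(entity_id: str) -> bytes:
    """SourceID is a fixed 20-byte value; the specs describe it as typically the SHA-1 of the issuer's ID."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def build_artifact(type_code: int, source_id: bytes, handle: bytes, endpoint_index: int = 0) -> str:
    """Issuer side: pack the fields in network byte order and base64-encode the result."""
    if len(source_id) != 20 or len(handle) != 20:
        raise ValueError("SourceID and handle must both be exactly 20 bytes")
    if type_code == TYPE_SAML11:
        raw = struct.pack(">H", TYPE_SAML11) + source_id + handle
    elif type_code == TYPE_SAML2:
        raw = struct.pack(">HH", TYPE_SAML2, endpoint_index) + source_id + handle
    else:
        raise ValueError(f"unsupported artifact type 0x{type_code:04x}")
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact: str) -> dict:
    """Relying-party side: reject anything that is not exactly one of the two known layouts."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) < 2:
        raise ValueError("artifact too short to carry a type code")
    (type_code,) = struct.unpack(">H", raw[:2])
    if type_code == TYPE_SAML11:
        if len(raw) != 42:
            raise ValueError("SAML 1.1 type 1 artifact must be 42 bytes")
        return {"type_code": type_code, "source_id": raw[2:22], "handle": raw[22:42]}
    if type_code == TYPE_SAML2:
        if len(raw) != 44:
            raise ValueError("SAML 2.0 type 4 artifact must be 44 bytes")
        (endpoint_index,) = struct.unpack(">H", raw[2:4])
        return {"type_code": type_code, "endpoint_index": endpoint_index,
                "source_id": raw[4:24], "handle": raw[24:44]}
    raise ValueError(f"unsupported artifact type 0x{type_code:04x}")


# Hypothetical partner registry (constructed for this example): SourceID -> back-channel endpoint.
# A relying party must only resolve artifacts against partners it has been configured to trust.
PARTNERS = {
    source_id_for("https://idp.example.org/federation"):
        "https://idp.example.org/saml2/artifact-resolution",
    source_id_for("https://producer.example.net/federation"):
        "https://producer.example.net/saml1/artifact-service",
}


def resolution_endpoint(artifact: str) -> str:
    """Pick the partner endpoint to call for this artifact, refusing unknown issuers."""
    info = parse_artifact(artifact)
    endpoint = PARTNERS.get(info["source_id"])
    if endpoint is None:
        raise ValueError("artifact SourceID does not belong to a configured partner")
    return endpoint


def is_well_formed(artifact: str) -> bool:
    """Convenience wrapper so callers can test an artifact without handling exceptions."""
    try:
        parse_artifact(artifact)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    art = build_artifact(TYPE_SAML2, source_id_for("https://idp.example.org/federation"), b"\x01" * 20, 1)
    print(art, parse_artifact(art)["endpoint_index"], resolution_endpoint(art))
```

The length checks matter: an artifact that decodes to an unexpected size, or whose SourceID is not in the partner registry, should never trigger an outbound resolve request, because the resolve step is a direct connection from the relying party to whatever endpoint the SourceID maps to.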
A service that enables a Service Provider to generate an AuthnRequest message for cross-domain single sign-on. This message contains information that enables the Service Provider to send the browser to the Single Sign-on Service at the Identity Provider. The AuthnRequest service is used for single sign-on using POST and artifact binding.
Note: The format of the AuthnRequest message that the service issues is specified in the Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0.
A cookie that contains user identity information. The open-format cookie can be encrypted using FIPS-compliant or non-FIPS algorithms, depending on how you generate it. You can create an open-format cookie using a Federation Manager SDK, or you can create it manually using any programming language that supports UTF-8 encoding.
If you require a FIPS-encrypted open-format cookie, use an SDK both to create the cookie and to read it. The Federation Manager Java SDK can encrypt the cookie using a FIPS-compliant (AES) algorithm or a non-FIPS (PBE) algorithm. The Federation Manager .NET SDK can encrypt the cookie using only the FIPS-compliant algorithm.
A SAML entity that uses information from a SAML authority to provide access to services. The relying party uses assertions from an asserting party to authenticate a user. For SAML 1.1, the relying party is known as the Consumer. For SAML 2.0, the relying party is known as the Service Provider.
Important! In this guide, the term relying party is used to mean a consumer or a Service Provider.
This service allows a user to log out from all applications in the federation simultaneously with a single logout event. An Identity Provider or a Service Provider can initiate single logout.
For SAML 1.1, the SSO service enables a Producer to process Producer-initiated requests for federated resources.
For SAML 2.0, the SSO service enables an Identity Provider to process IdP- or SP-initiated requests for federated resources.
The Producer/IdP gathers the necessary information from the Consumer/SP to generate an assertion, which it passes back to the Consumer/SP. The Consumer/SP then uses the assertion for authentication.
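The SP-initiated SAML 2.0 flow described by the AuthnRequest Service and Single Sign-on Service entries above is easiest to see as two messages: the AuthnRequest the Service Provider sends to the Identity Provider's Single Sign-on Service, and the Response the Identity Provider posts back to the Assertion Consumer Service. The following is an added example, not code from the CA documentation or product. It builds the AuthnRequest using the element and attribute names from the SAML 2.0 Core and Profiles specifications, and then runs the consistency checks an Assertion Consumer Service performs before accepting a Response: InResponseTo matches the outstanding request ID, Destination and Recipient are our own ACS URL, the status is Success, and the bearer confirmation has not expired. The entity IDs, URLs and the sample Response are constructed for the example. XML signature verification is deliberately left out; a real ACS must verify the Identity Provider's signature before any of these checks mean anything.

```python
import datetime as dt
import uuid
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ET.register_namespace("samlp", NS_SAMLP)
ET.register_namespace("saml", NS_SAML)

# Hypothetical partner configuration, constructed for this example.
SP_ENTITY_ID = "https://sp.example.com/federation"
ACS_URL = "https://sp.example.com/saml2/acs"
IDP_SSO_URL = "https://idp.example.org/saml2/sso"


def _utc(ts: dt.datetime) -> str:
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_utc(text: str) -> dt.datetime:
    return dt.datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def build_authn_request(issue_instant: dt.datetime, request_id: Optional[str] = None) -> Tuple[str, str]:
    """Service Provider side: return (request_id, xml). The SP must remember request_id."""
    # xs:ID values must begin with a letter or underscore, hence the leading "_".
    request_id = request_id or "_" + uuid.uuid4().hex
    root = ET.Element(f"{{{NS_SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": _utc(issue_instant),
        "Destination": IDP_SSO_URL, "ProtocolBinding": HTTP_POST,
        "AssertionConsumerServiceURL": ACS_URL,
    })
    ET.SubElement(root, f"{{{NS_SAML}}}Issuer").text = SP_ENTITY_ID
    return request_id, ET.tostring(root, encoding="unicode")


def check_response(xml_text: str, expected_request_id: str, now: dt.datetime) -> List[str]:
    """ACS side: return the checks that failed; an empty list means the Response matches our request.
    Signature verification is not implemented here and must happen before these checks."""
    problems = []
    resp = ET.fromstring(xml_text)
    if resp.tag != f"{{{NS_SAMLP}}}Response":
        return ["root element is not samlp:Response"]
    if resp.get("InResponseTo") != expected_request_id:
        problems.append("Response.InResponseTo does not match the AuthnRequest ID")
    if resp.get("Destination") != ACS_URL:
        problems.append("Response.Destination is not our ACS URL")
    code = resp.find(f"{{{NS_SAMLP}}}Status/{{{NS_SAMLP}}}StatusCode")
    if code is None or code.get("Value") != STATUS_SUCCESS:
        problems.append("status is not Success")
    assertion = resp.find(f"{{{NS_SAML}}}Assertion")
    if assertion is None:
        return problems + ["no assertion present"]
    scd = assertion.find(f"{{{NS_SAML}}}Subject/{{{NS_SAML}}}SubjectConfirmation/"
                         f"{{{NS_SAML}}}SubjectConfirmationData")
    if scd is None:
        return problems + ["no SubjectConfirmationData"]
    if scd.get("InResponseTo") != expected_request_id:
        problems.append("SubjectConfirmationData.InResponseTo does not match the AuthnRequest ID")
    if scd.get("Recipient") != ACS_URL:
        problems.append("SubjectConfirmationData.Recipient is not our ACS URL")
    expiry = scd.get("NotOnOrAfter")
    if expiry is None or now >= _parse_utc(expiry):
        problems.append("SubjectConfirmationData has expired")
    return problems


def sample_response(request_id: str, issued: dt.datetime, lifetime_minutes: int = 5) -> str:
    """Constructed, unsigned Identity Provider Response for testing; not a captured message."""
    return f"""<samlp:Response xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" ID="_r1" Version="2.0"
    IssueInstant="{_utc(issued)}" InResponseTo="{request_id}" Destination="{ACS_URL}">
  <saml:Issuer>https://idp.example.org/federation</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{_utc(issued)}">
    <saml:Issuer>https://idp.example.org/federation</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.org</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="{request_id}" Recipient="{ACS_URL}"
            NotOnOrAfter="{_utc(issued + dt.timedelta(minutes=lifetime_minutes))}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def run_demo() -> dict:
    """Exercise the full exchange: good response, replayed response, expired response."""
    t0 = dt.datetime(2012, 6, 1, 12, 0, 0, tzinfo=dt.timezone.utc)
    rid, req_xml = build_authn_request(t0, "_req1")
    good = check_response(sample_response(rid, t0), rid, t0 + dt.timedelta(minutes=1))
    replay = check_response(sample_response("_someone_elses_request", t0), rid, t0)
    expired = check_response(sample_response(rid, t0), rid, t0 + dt.timedelta(minutes=10))
    return {"request_id": rid, "request_xml": req_xml, "good": good, "replay": replay, "expired": expired}


if __name__ == "__main__":
    print(run_demo())
```

The InResponseTo check is what ties the Response to a request this Service Provider actually issued; without it, a Response obtained for one browser session can be posted into another. The Recipient and NotOnOrAfter checks come from the bearer confirmation rules in the SAML 2.0 Web Browser SSO profile.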
The Unified Expression Language (UEL) is a special Java expression syntax primarily for Java web applications. You can use the UEL for embedding expressions into web pages. For partnership federation, the UEL is the language you must use to define mappings between assertion attributes and application attributes at the relying party.
The Administrative UI provides configuration wizards to create and modify partnership federation objects. Each wizard walks you through the configuration steps for one object in order.
Copyright © 2012 CA Technologies.
All rights reserved.