The Assertion Configuration step of the partnership wizard defines the configuration for the following settings:
The Name ID attribute, which is required in an assertion, identifies a user in a unique way. The format of the Name ID establishes the type of content that the assertion uses as the source of the ID.
An attribute statement passes user attributes, DN attributes, or static data in an assertion to the relying party. When the relying party receives the assertion, it makes the attribute values available to applications.
Servlets, web applications, or other custom applications can use attributes to display customized content or enable other custom features. When used with web applications, attributes can limit the activities of a user at the relying party. For example, an attribute variable named Authorized Amount is set it to a maximum dollar amount that the user can spend at the relying party.
Attributes are included in the assertion in an <AttributeStatement> element or an <EncryptedAttribute> element. Attributes take the form of name/value pairs and can be made available as HTTP Headers or HTTP Cookies.
Note: Attributes statements are not required in an assertion.
Typically, attributes come from user directory records, but an assertion can contain attributes from other sources, such as an external database or application content. You can write an assertion generator plug-in that pulls in attributes from various sources. The assertion generator plug-in is a piece of custom code that you write according to the Assertion Generator Plug-in interface for SiteMinder.
For information about writing a plug-in, see the Programming Guide for the Federation Manager Java SDK.
|
Copyright © 2012 CA Technologies.
All rights reserved.
|
|