For HTTP-Artifact single sign-on, the relying party needs permission to access the policy that protects the FWS service for obtaining assertions.
To grant access:
Other than adding users to a given policy, all other policy objects are set up automatically.
Add the Web Agent that protects the FWS application to the Agent group FederationWebServicesAgentGroup.
Follow these steps:
The Agent Groups dialog opens.
If you are using HTTP-Artifact binding for single sign-on, the relying party in the partnership needs permission to access the assertion retrieval service. CA SiteMinder® protects the SAML 1.x and 2.0 retrieval services with a policy.
When you install the Policy Server, the FederationWebServicesDomain is installed by default. This domain includes the following policies for the service from which CA SiteMinder® retrieves assertions:
FederationWSAssertionRetrievalServicePolicy
SAML2FWSArtifactResolutionServicePolicy
Note: WS-Federation does not use the HTTP-Artifact profile. Therefore, this procedure does not apply to Resource Providers.
Grant access for these policies to any relevant relying partners.
Follow these steps:
A list of domain policies displays.
FederationWSAssertionRetrievalServicePolicy
SAML2FWSArtifactResolutionServicePolicy
The Domain Policies page opens.
FederationWSCustomUserStore
SAML2FederationCustomUserStore
The User/Groups page opens.
The affiliate domain that you previously configured is listed in the Users/Groups dialog. For example, if the affiliate domain is named fedpartners, the entry is affiliate:fedpartners.
You return to the User Directories list.
You return to the policies list.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|