This section contains the following topics:
How to Use the Configuration Settings Tables
SAML 1.x Matching Configuration Settings
SAML 2.0 Matching Configuration Settings
WS-Federation Configuration Settings
When configuring a federated environment, there are many instances where you must configure matching parameter values at both sides of a transaction.
The tables that follow explicitly describe each matching set of parameters. Each cell in a row describes a setting that must match the corresponding value or values described in the other cells in the row.
Note: The information is only applicable in an environment where the asserting and relying party are CA SiteMinder® systems.
The following table lists CA SiteMinder® configuration settings that you must set to the same value at the SAML 1.x producer and consumer. The table also indicates the dialog or file where these settings are located. Most of these settings are in the Administrative UI; however, some parameters are in a properties file or part of a link.
Important! If you have to enter a URL, the URL string that comes after the colon is case-sensitive. For example, all text that follows http: is case-sensitive. Therefore, the case of the URLs in all Audience-related settings and Assertion Consumer URL-related settings must match.

| These Settings at the SAML 1.x Consumer... | Must Match These Settings at the SAML 1.x Producer... |
|---|---|
| Affiliate Name: Scheme Setup section of the authentication scheme page (Artifact and POST profiles) | Name field: General settings for the affiliate object. Value must be lowercase. NAME query parameter: intersite transfer URL links at the producer. |
| Password field (SAML Artifact auth. scheme only): Scheme Setup section of the authentication scheme page | Password/Confirm Password fields: General settings for the affiliate object |
| Audience field: Any other SAML consumer; Scheme Setup section of the authentication scheme page | Audience field: Assertions settings for the affiliate object |
| Assertion Consumer URL (SAML POST auth. scheme only): Scheme Setup section of the authentication scheme page | Assertion Consumer URL: Assertions settings for the affiliate object. SMCONSUMERURL query parameter: intersite transfer URL links at the producer. |
| Issuer field: Scheme Setup section of the authentication scheme page | AssertionIssuerID parameter: AMAssertionGenerator.properties file at the producer |
| Version from the SAML Version drop-down list: Scheme Setup section of the authentication scheme page (SAML Artifact auth. scheme only) | Version from the SAML Version drop-down list: Assertions settings for the affiliate object |
| Company Source ID: Scheme Setup section of the authentication scheme page (SAML Artifact auth. scheme only) | SourceID parameter: AMAssertionGenerator.properties file at the producer |

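
The SAML 1.x pairs in the table above can be checked mechanically, including the case-sensitivity and lowercase rules. This is an added example, not CA code: the dictionary layout, the `affiliate.`/`properties.`/`link.` prefixes, the sample hosts and the `/transfer` link path are assumptions; only the setting names, the properties-file parameters and the query parameter names come from the table.

```python
from urllib.parse import parse_qs, urlsplit

# Pairs from the SAML 1.x table; Password is omitted (do not export secrets).
PAIRS = [
    ("Affiliate Name", "affiliate.Name"), ("Affiliate Name", "link.NAME"),
    ("Audience", "affiliate.Audience"), ("Issuer", "properties.AssertionIssuerID"),
    ("Assertion Consumer URL", "affiliate.Assertion Consumer URL"),
    ("Assertion Consumer URL", "link.SMCONSUMERURL"),
    ("SAML Version", "affiliate.SAML Version"),
    ("Company Source ID", "properties.SourceID"),
]

def producer_view(affiliate, properties_text, transfer_url):
    view = {f"affiliate.{k}": v for k, v in affiliate.items()}  # one flat dict
    for line in properties_text.splitlines():  # minimal key=value parsing
        if "=" in line and not line.lstrip().startswith(("#", "!")):
            key, value = line.split("=", 1)
            view[f"properties.{key.strip()}"] = value.strip()
    for key, values in parse_qs(urlsplit(transfer_url).query).items():
        view[f"link.{key}"] = values[0]  # parse_qs percent-decodes values
    return view

def find_mismatches(consumer, producer):
    """Return (producer setting, problem) tuples; comparison is exact."""
    findings = []
    name = producer.get("affiliate.Name", "")
    if name != name.lower():  # the table requires a lowercase affiliate name
        findings.append(("affiliate.Name", "not lowercase"))
    for c_key, p_key in PAIRS:
        c_val, p_val = consumer.get(c_key), producer.get(p_key)
        if c_val is None or p_val is None:
            findings.append((p_key, "missing"))
        elif c_val != p_val:
            same = c_val.lower() == p_val.lower()
            findings.append((p_key, "case differs" if same else "value differs"))
    return findings

# Constructed sample values, not taken from any real deployment.
SOURCE_ID = "0123456789abcdef0123456789abcdef01234567"
CONSUMER = {"Affiliate Name": "partnerb", "Issuer": "producer.example.com",
            "Audience": "https://consumer.example.com/audience",
            "Assertion Consumer URL": "https://consumer.example.com/acs",
            "SAML Version": "1.1", "Company Source ID": SOURCE_ID}
AFFILIATE = {"Name": "partnerb", "SAML Version": "1.1",
             "Audience": "https://consumer.example.com/Audience",
             "Assertion Consumer URL": "https://consumer.example.com/acs"}
PROPERTIES = f"AssertionIssuerID=producer.example.com\nSourceID={SOURCE_ID}\n"
LINK = ("https://producer.example.com/transfer?NAME=PartnerB"
        "&SMCONSUMERURL=https%3A%2F%2Fconsumer.example.com%2Facs")
print(find_mismatches(CONSUMER, producer_view(AFFILIATE, PROPERTIES, LINK)))
```

With the sample data, the two findings are the differently cased `NAME` link parameter and the `Audience` URL path, both of which differ from the consumer values only by letter case.
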
The following table lists CA SiteMinder® configuration settings that you must set to the same value at the SAML 2.0 Identity Provider and Service Provider. The table also indicates where these settings are located. Most of these settings are in the Administrative UI; however, some parameters are in a properties file or part of a link.
Important! If you have to enter a URL, the URL string that comes after the colon is case-sensitive. For example, text following http: is case-sensitive. Therefore, the case of all SP ID- and IdP ID-related settings must match.

| These Settings at the Service Provider... | Must Match These Settings at the Identity Provider... |
|---|---|
| Attribute Name: Add/Edit Attribute page from the Attributes settings of the SAML 2.0 authentication scheme | Variable Name: Attribute Setup section of the Add Attribute page from the Attributes settings for the SAML Service Provider object |
| Audience field | Audience field: SSO section of the SAML Profiles settings for the SAML Service Provider object |
| IdP ID field: General settings of the SAML 2.0 authentication scheme | IdP ID field |
| Local Name: Add/Edit Attribute page from the Attributes settings of the SAML 2.0 authentication scheme. Local Name: Federation Attribute Variable page for creating a Federation Attribute variable at the SAML Requester (Service Provider). | None |
| SP ID field | SP ID field: General settings for the SAML Service Provider object |
| SP Name: Backchannel section of the Encryption & Signing settings of the SAML 2.0 authentication scheme. This value must be in lowercase. | Name field: General settings for the SAML Service Provider object. This value must be in lowercase. |

The following table lists CA SiteMinder® configuration settings that you must set to the same value at the WS-Federation Account Partner and Resource Partner. Read the table as follows:
Important! If you have to enter a URL, the URL string that comes after the colon is case-sensitive. For example, any text that follows http: is case-sensitive. Therefore, the case of all RP ID- and AP ID-related settings must match.

| These Settings at the Resource Partner... | Must Match These Settings at the Account Partner... |
|---|---|
| Resource Partner ID: General settings for the WS-Federation authentication scheme | Resource Partner ID: General settings of the Resource Partner object. The wtrealm query parameter must be set to the Resource Partner ID for the hard-coded link to trigger Account Partner-initiated SSO. |
| Account Partner ID: General settings for the WS-Federation authentication scheme | Account Partner ID: General settings of the Resource Partner object |

Copyright © 2015 CA Technologies.
All rights reserved.