For single sign-on processing, you can configure several optional redirect URLs if a user cannot be authenticated at the Resource Partner. The redirect URLs allow finer control over where a user is redirected. For example, when a user cannot be located in a user store, the Redirect URL for the User Not Found specification can redirect the user to the appropriate location.
Note: These URLs are not required.
If you do not configure redirect URLs, standard SiteMinder processing takes place. How SiteMinder handles a failed authentication depends on the configuration.
If a Resource Partner cannot authenticate a user during a single sign-on transaction, the Resource Partner can redirect that user to a customized URL for further processing.
You can configure several optional redirect URLs for failed authentication. If the assertion is not valid, the redirect URLs allow finer control over where a user is redirected. For example, if a user cannot be located in a user store, you can fill in a User Not Found redirect URL.
The Status Redirect URLs and Modes are in the Additional Configuration section of the authentication dialog. The redirect URLs are for specific status conditions:
If any of the conditions occur, redirect URLs can send the user to an application or a customized error page for further action.
Note: Configuring redirect URLs is not required.
To configure optional Redirect URLs
If enter a value for the Redirect URL for the Invalid SSO Message status, select a mode.
Federation Web Services handles the errors by mapping the authentication reason into one of the configured redirect URLs. The user can be redirected to that URL to report the error.
Note: These redirect URLs can be used with the CA SiteMinder® message consumer plug-in for further assertion processing. If authentication fails, the plug-in can send the user to one of the redirect URLs you specify.
Copyright © 2014 CA.
All rights reserved.
|
|