An assertion provides the necessary identity information to facilitate single sign-on at the Resource Partner. The Account Partner generates a SAML 1.1 assertion for a user with an established session. The Account Partner places the assertion in a WS-Federation RequestSecurityTokenResponse message, then delivers the token to the Resource Partner. The Resource Partner consumes security tokens and establishes a session that is based on the contents of the WS-Federation security token.
As part of single sign-on configuration, determine how the Account Partner delivers an assertion to a Resource Partner.
To configure single sign-on at the Account Partner
Click Help for field descriptions.
A user can visit the Account Partner before going to the Resource Partner. If the user goes to the Account Partner first, a link must generate an HTTP GET request. The hard-coded link points to the Single Sign-on Service of the Account Partner. The request contains the RP Provider ID and optionally other parameters.
The syntax for the link to the Single Sign-on Service is as follows:
https://ap_server:port/affwebservices/public/wsfedsso?wa=wsignin1.0&wtrealm=RP_ID
ap_server:port
Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the SPS federation gateway, depending on which component is installed in your federation network.
RP_ID
Resource Partner identity. The entity ID is case-sensitive. Enter it exactly as it appears in the Administrative UI.
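The following added example (not part of the product documentation) builds the link from the syntax above and checks a hard-coded link before it is published, including the exact, case-sensitive match on the RP ID. The host name, the RP ID and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

SSO_PATH = "/affwebservices/public/wsfedsso"  # path from the link syntax above
SIGNIN = "wsignin1.0"                          # wa value from the link syntax

def build_sso_link(ap_server, rp_id):
    """Build the link; rp_id is percent-encoded and its case is preserved."""
    query = urlencode({"wa": SIGNIN, "wtrealm": rp_id})
    return f"https://{ap_server}{SSO_PATH}?{query}"

def check_sso_link(link, configured_rp_ids):
    """Return the problems found in a hard-coded link (empty list = OK)."""
    parts = urlsplit(link)
    params = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.path != SSO_PATH:
        problems.append("path is not the Single Sign-on Service")
    if params.get("wa") != [SIGNIN]:
        problems.append("wa must appear once with value wsignin1.0")
    realm = params.get("wtrealm", [])
    if len(realm) != 1:
        problems.append("wtrealm must appear exactly once")
    elif realm[0] not in configured_rp_ids:
        # Exact comparison: the entity ID is case-sensitive.
        near = [r for r in configured_rp_ids if r.lower() == realm[0].lower()]
        problems.append(f"wtrealm differs only in case from {near[0]!r}"
                        if near else "wtrealm is not a configured RP ID")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    rp_ids = {"urn:example:RP-Portal"}
    good = build_sso_link("ap.example.com:443", "urn:example:RP-Portal")
    print(good, check_sso_link(good, rp_ids))
    print(check_sso_link(good.replace("RP-Portal", "rp-portal"), rp_ids))
```

Pass the set of RP IDs exactly as they appear in the Administrative UI as `configured_rp_ids`; extra query parameters are allowed because the request can optionally carry other parameters.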
When a user starts at the Resource Partner to initiate single sign-on, typically the user selects from a list of Account Partners. The site selection page is in an unprotected realm.
The link on the site selection page points to the Single Sign-on Service at an Account Partner. After the link is selected, the Resource Partner redirects the user to the Account Partner to get the assertion.
Copyright © 2014 CA.
All rights reserved.