This section contains the following topics:
URLs for Services at the Asserting Party
URLs for Services at the Relying Party
The Federation Web Services contains many services to implement legacy federation. When configuring single sign-on, single logout, or identity provider discovery profile through the Administrative UI, you are required to specify URLs that reference the different services.
The following service descriptions include:
The Web.xml file is one of the deployment descriptors for the Federation Web Services application. This file lists servlets and URL mappings.
The following services are provided at the asserting party (Producer/Identity Provider/Account Partner); however, you enter the service URL at the relying party (Consumer/Service Provider/Resource Partner).
The Federation Web Services application supplies the following services:
For SAML 1.x POST and artifact profiles, the intersite transfer URL is a producer-side component that transfers a user from the producer to the consumer.
http://producer_server:port/affwebservices/public/intersitetransfer
Identifies the web server and port number of the system at the producer hosting the Web Agent Option Pack or the SPS federation gateway.
Include the URL in a hard-coded link on a page at the producer.
<servlet> <servlet-name>intersiteTransferService</servlet-name> <display-name>Intersite Transfer Service</display-name> <description>This servlet acts as the Intersite Transfer URL.</description> <servlet-class>com.netegrity.affiliateminder.webservices. IntersiteTransferService </servlet-class> </servlet> <servlet-mapping> <servlet-name>intersiteTransferService</servlet-name> <url-pattern>/public/intersitetransfer/*</url-pattern> </servlet-mapping>
The Assertion Retrieval Service retrieves an assertion for a SAML. 1.x consumer site.
Identifies the web server and port number of the system at the producer hosting the Web Agent Option Pack or the SPS federation gateway.
Specified in the Assertion Retrieval URL field. This field is in the Scheme Setup section of the SAML 1.x authentication scheme page.
<servlet> <servlet-name>assertionretriever</servlet-name> <display-name>SAML Assertion Retrieval servlet</display-name> <description>This servlet processes the HTTP post based SAML requests and returns the SAML Response elements. Both SAML Request and Response elements are SOAP encoded.</description> <servlet-class>com.netegrity.affiliateminder.webservices. AssertionRetriever</servlet-class> </servlet> <servlet-mapping> <servlet-name>assertionretriever</servlet-name> <url-pattern>/assertionretriever/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assertionretriever</servlet-name> <url-pattern>/certassertionretriever/*</url-pattern> </servlet-mapping>
The Artifact Resolution Service retrieves SAML 2.0 assertions for a Service Provider.
http://idp_server:port/affwebservices/saml2artifactresolution
https://idp_server:port/affwebservices/saml2certartifactresolution
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the Resolution Service field. This field is in the Bindings section of the SSO settings for the SAML 2.0 authentication scheme. To make the field active, select HTTP-Artifact as the binding.
<servlet> <servlet-name>saml2artifactresolution</servlet-name> <display-name>SAML 2.0 Single Sign-On service</display-name> <description>This servlet is the SAML 2.0 Artifact Resolution service at an IdP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.ArtifactResolution</servlet-class> </servlet>
<servlet-mapping> <servlet-name>saml2artifactresolution</servlet-name> <url-pattern>/saml2artifactresolution/*</url-pattern> </servlet-mapping>
<servlet-mapping> <servlet-name>saml2artifactresolution</servlet-name> <url-pattern>/saml2certartifactresolution/*</url-pattern> </servlet-mapping>
The single sign-on service implements single sign-on for SAML 2.0.
http://idp_server:port/affwebservices/public/saml2sso
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the SSO Service field. This field is in the SSO settings for the SAML 2.0 authentication scheme.
<servlet> <servlet-name>saml2sso</servlet-name> <display-name>SAML 2.0 Single Sign-On service</display-name> <description>This servlet is the SAML 2.0 Single Sign-On service at an IdP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.SSO</servlet-class> </servlet> <servlet-mapping> <servlet-name>saml2sso</servlet-name> <url-pattern>/public/saml2sso/*</url-pattern> </servlet-mapping>
The WS-Federation single sign-on service implements single sign-on for WS-Federation.
http://ap_server:port/affwebservices/public/wsfedsso
Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the SPS federation gateway, depending on which component is installed in your federation network.
Specified in the SSO Service field. This field is in the SSO settings of the WS-Federation authentication scheme.
<servlet> <servlet-name>wsfedsso</servlet-name> <display-name>WSFED Single Sign-On service</display-name> <description>This servlet is the WSFED Single Sign-On service at an Account Partner.</description> <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.SSO </servlet-class> </servlet> <servlet-mapping> <servlet-name>wsfedsso</servlet-name> <url-pattern>/public/wsfedsso/*</url-pattern> </servlet-mapping>
This service implements single logout for SAML 2.0.
http://idp_server:port/affwebservices/public/saml2slo
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the fields of the same name at the Identity Provider. These fields are in the SLO section of the SAML Profiles settings for the SAML Service Provider object.
<servlet> <servlet-name>saml2slo</servlet-name> <display-name>SAML 2.0 Single Logout service</display-name> <description>This servlet is the SAML 2.0 Single Logout service at an IdP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.SLOService</servlet-class> </servlet> <servlet-mapping> <servlet-name>saml2slo</servlet-name> <url-pattern>/public/saml2slo/*</url-pattern> </servlet-mapping>
This signout service implements WS-Federation sign out functionality.
http://ap_server:port/affwebservices/public/wsfedsignout
Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the SPS federation gateway, depending on which component is installed in your federation network.
Specified in fields of the same name at the Account Partner. These fields are in the Signout section of the SAML Profiles settings for the Resource Partner Properties object.
<servlet> <servlet-name>wsfedsignout</servlet-name> <display-name>WS-Federation Signout Service</display-name> <description>This servlet is the WS-Federation Signout service at an AP.</description> <servlet-class>com.netegrity.affiliateminder.webservices.wsfed. SignoutService</servlet-class> </servlet>
<servlet-mapping> <servlet-name>wsfedsignout</servlet-name> <url-pattern>/public/wsfedsignout/*</url-pattern> </servlet-mapping>
The Identity Provider Discovery Profile service implements the Identity Provider Discovery feature.
https://idp_server:port/affwebservices/public/saml2ipd/*
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the Service URL field. This field is located in the IPD section of the SAML Profile settings for the SAML Service Provider object at the Identity Provider.
<servlet> <servlet-name>saml2ipd</servlet-name> <display-name>SAML 2.X Identity Provider Discovery Profile service</display-name> <description>This servlet is the SAML 2.X Identity Provider Discovery Profile service at an SP or IdP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.IPDService</servlet-class> </servlet> <servlet-mapping> <servlet-name>saml2ipd</servlet-name> <url-pattern>/public/saml2ipd/*</url-pattern> </servlet-mapping>
The Attribute Service enables an Attribute Authority to respond to attribute queries from a SAML Requester.
http://idp_server:port/affwebservices/saml2attributeservice
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the Attribute Service field. This field is in the Attributes settings for the SAML 2.0 authentication scheme at the Service Provider.
<servlet> <servlet-name>saml2attributeservice</servlet-name> <display-name>SAML 2.0 Attribute service</display-name> <description>This servlet is the SAML 2.0 Attribute Service at an IdP.</description> <servlet-class>com.netegrity.affiliateminder.webservices.saml2. AttributeService</servlet-class> </servlet>
<servlet-mapping> <servlet-name>saml2attributeservice</servlet-name> <url-pattern>/saml2attributeservice/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>saml2attributeservice</servlet-name> <url-pattern>/saml2certattributeservice/*</url-pattern> </servlet-mapping>
The WSFedDispatcher Service receives all incoming WS-Federation messages and forwards the request processing to other services based on the query parameter data.
https://ap_server:port/affwebservices/public/wsfeddispatcher
Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the SPS federation gateway, depending on which component is installed in your federation network.
Not applicable
<servlet> <servlet-name>wsfeddispatcher</servlet-name> <display-name>WS-Federation Dispatcher service</display-name> <description>This servlet is the WS-Federation Dispatcher service for all WS-Federation services.</description> <servlet-class>com.netegrity.affiliateminder.webservices.wsfed. dispatcher</servlet-class> </servlet>
<<servlet-mapping> <servlet-name>wsfeddispatcher</servlet-name> <url-pattern>/public/wsfeddispatcher/*</url-pattern> </servlet-mapping>
The relying party provides the following services; however, you enter the URL for the service at the asserting party.
The CA SiteMinder® relying party provides the following services:
The SAML Credential Collector service assists in consuming SAML 1.x assertions.
https://consumer_server:port/affwebservices/public/samlcc
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the Assertion Consumer URL field. This field is on the Assertions page for the SAML 1.x affiliate object. The field is also in the Scheme Setup section for the SAML 1.x POST authentication scheme at the consumer.
<servlet> <servlet-name>samlcredentialcollector</servlet-name> <display-name>SAML Credential Collector</display-name> <description>This servlet acts as the SAML Credential Collector.</description> <servlet-class>com.netegrity.affiliateminder.webservices. SAMLCredentialCollector</servlet-class> </servlet> <servlet-mapping> <servlet-name>samlcredentialcollector</servlet-name> <url-pattern>/public/samlcc/*</url-pattern> </servlet-mapping>
This AuthnRequest service helps implement single sign-on for the artifact or POST profile.
https://sp_server:port/affwebservices/public/saml2authnrequest
Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the SPS federation gateway.
Not applicable.
The AuthnRequest is a link in an application at the Service Provider. This link initiates single sign-on and it must be in an application.
<servlet> <servlet-name>saml2authnrequest</servlet-name> <display-name>SAML 2.0 AuthnRequest service</display-name> <description>This servlet is the SAML 2.0 AuthnRequest service at an SP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.AuthnRequest</servlet-class> </servlet> <servlet-mapping> <servlet-name>saml2authnrequest</servlet-name> <url-pattern>/public/saml2authnrequest/*</url-pattern> </servlet-mapping>
The Assertion Consumer Service enables the consumption of assertions.
https://sp_server:port/affwebservices/public/saml2assertionconsumer
Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the SPS federation gateway.
Specified in the Assertion Consumer URL field. This field is part of the SSO settings for the SAML Service Provider object at the Identity Provider.
<servlet> <servlet-name>saml2assertionconsumer</servlet-name> <display-name>SAML 2.0 Assertion Consumer service</display-name> <description>This servlet is the SAML 2.0 Assertion Consumer service at an SP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.AssertionConsumer</servlet-class> </servlet> <servlet-mapping> <servlet-name>saml2assertionconsumer</servlet-name> <url-pattern>/public/saml2assertionconsumer/*</url-pattern> </servlet-mapping>
The Security Token Consumer Service enables the consumption of assertions at the Resource Partner.
https://rp_server:port/affwebservices/public/wsfedsecuritytokenconsumer
Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or SPS federation gateway.
Specified in the Security Token Consumer Service field. This field is part of the SAML Profiles settings for the Resource Partner object at the Account Partner.
<servlet> <servlet-name>wsfedsecuritytokenconsumer</servlet-name> <display-name>Security Token Consumer service</display-name> <description>This servlet is the WS-Federation Security Token Consumer service at an RP.</description> <servlet-class>com.netegrity.affiliateminder.webservices.wsfed. SecurityTokenConsumer</servlet-class> </servlet>
<<servlet-mapping> <servlet-name>wsfedsecuritytokenconsumer</servlet-name> <url-pattern>/public/wsfedsecuritytokenconsumer/*</url-pattern> </servlet-mapping>
The single logout services implement single logout for SAML 2.0.
http://sp_server:port/affwebservices/public/saml2slo
Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the SPS federation gateway.
Specified in the fields of the same name. These fields are part of the SLO settings for the SAML 2.0 authentication scheme that you configure at the Service Provider.
<servlet> <servlet-name>saml2slo</servlet-name> <display-name>SAML 2.0 Single Logout service</display-name> <description>This servlet is the SAML 2.0 Single Logout service at an SP.</description> <servlet-class>com.netegrity.affiliateminder.webservices. saml2.SLOService</servlet-class> </servlet> <servlet-mapping> <servlet-name>saml2slo</servlet-name> <url-pattern>/public/saml2slo/*</url-pattern> </servlet-mapping>
The Signout service implements sign out functionality for WS-Federation.
http://rp_server:port/affwebservices/public/wsfedsignout
Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or SPS federation gateway.
Specified in fields of the same name. These fields are in the Signout section for the WS-Federation authentication scheme at the Resource Partner.
<servlet> <servlet-name>wsfedsignout</servlet-name> <display-name>WS-Federation Signout Service</display-name> <description>This servlet is the WS-Federation Signout service at an RP.</description> <servlet-class>com.netegrity.affiliateminder.webservices.wsfed. SignoutService</servlet-class> </servlet>
<servlet-mapping> <servlet-name>wsfedsignout</servlet-name> <url-pattern>/public/wsfedsignout/*</url-pattern> </servlet-mapping>
The WSFedDispatcher Service receives all incoming WS-Federation messages. The service then forwards the request processing to other services based on the query parameter data.
https://rp_server:port/affwebservices/public/wsfeddispatcher
Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or SPS federation gateway.
Not applicable.
<servlet> <servlet-name>wsfeddispatcher</servlet-name> <display-name>WS-Federation Dispatcher service</display-name> <description>This servlet is the WS-Federation Dispatcher service for all WS-Federation services.</description> <servlet-class>com.netegrity.affiliateminder.webservices.wsfed. dispatcher</servlet-class> </servlet>
<<servlet-mapping> <servlet-name>wsfeddispatcher</servlet-name> <url-pattern>/public/wsfeddispatcher/*</url-pattern> </servlet-mapping>
The Web.xml file lists servlets and URL mappings for the Federation Web Services application.
You cannot change most of this file, but you can modify the URL mappings.
To view the Web.xml file, go to the appropriate file location:
Copyright © 2014 CA.
All rights reserved.
|
|