Configure WS-Federation Single Sign-on at the Resource Partner

Federation Guides › Legacy Federation Guide › Configure CA SiteMinder® as a WS-Federation Resource Partner › Configure WS-Federation Single Sign-on at the Resource Partner

Configure WS-Federation Single Sign-on at the Resource Partner

You configure the WS-Federation single sign-on binding for authentication in the SSO section of the SAML Profiles page. You can also enforce single use assertion policy to prevent the replaying of a valid assertion in this section.

Part of the single sign-on configuration is defining the Redirect Mode setting. The Redirect Mode specifies how CA SiteMinder® sends assertion attributes, if available, to the target application. You can send assertion attributes as HTTP Headers or HTTP cookies.

The HTTP headers and HTTP cookies have size restrictions that assertion attributes cannot exceed. The size restrictions are as follows:

For HTTP headers, CA SiteMinder® can send an attribute in a header up to the web server size limit for a header. Only one assertion attribute per header is allowed. See the documentation for your web server to determine the header size limit.
For HTTP cookies, CA SiteMinder® can send a cookie up to the size limit for a cookie. Each assertion attribute is sent as its own cookie. The cookie size limit is browser-specific, and that limit is for all attributes being passed to the application, not for each attribute. See the documentation for your web browser to determine the cookie size limit.

To configure WS-Federation single sign-on

Navigate to the authentication scheme for the Resource Partner you are configuring.
Select WS-Federation Configuration, SAML Profiles. Click Modify first if you are modifying an existing scheme.
The SAML Profiles dialog opens.
Complete the fields in the SSO section.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Click Submit.