Previous Topic: Grant Access to Federation Web ServicesNext Topic: Complete the General Settings for the Affiliate


Configure CA SiteMinder® as a SAML 1.x Producer

This section contains the following topics:

Prerequisites for a CA SiteMinder® Asserting Partner

How To Configure a CA SiteMinder® Producer

Associate a SAML 1.x Affiliate with an Affiliate Domain

Complete the General Settings for the Affiliate

Select Users for Which Assertions are Generated

Configure a SAML 1.x Assertion

Grant Access to the Service for Assertion Retrieval (Artifact SSO)

Configure the Authentication Scheme that Protects the Artifact Service

Configure Attributes to Include in SAML 1.x Assertions (Optional)

Customize a SAML Assertion Response (optional)

Creating Links to Consumer Resources for Single Sign-on

Prerequisites for a CA SiteMinder® Asserting Partner

For CA SiteMinder® to serve as the asserting partner, verify the following conditions:

How To Configure a CA SiteMinder® Producer

CA SiteMinder®, as an SAML producer generates assertions for its business partners, the consumers. To establish a federated partnership, the producer needs information about each partner, referred to as an affiliate in the Administrative UI. Create an affiliate object for each partner and define how the two entities communicate to pass assertions and to satisfy profiles, such as single sign-on.

The following configuration tasks at the producer are required:

  1. Associate the affiliate with an affiliate domain.
  2. Configure the general settings for the affiliate.
  3. Select the users for which the producer generates assertions.
  4. Configure an assertion.
  5. (HTTP-Artifact SSO only)
    1. Enable the session store to store assertions. Manage the session store using the Policy Server Management Console.
    2. Permit access to the assertion retrieval service for each applicable relying party.
  6. Create links to initiate single sign-on.
  7. Complete optional configuration tasks.

Tips:

Optional Configuration Tasks for Identifying an Affiliate

The following tasks are optional for identifying an affiliate.

Navigating Legacy Federation Dialogs

The Administrative UI provides two ways to navigate to the legacy federation configuration dialogs.

You can navigate in one of two ways:

Associate a SAML 1.x Affiliate with an Affiliate Domain

An affiliate domain is a logical grouping of federation partners. You associate an affiliate with an affiliate domain so that CA SiteMinder® is able to recognize it.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Click Federation, Legacy Federation, Affiliates.
  3. Click Create Affiliate.
  4. Select the affiliate domain where this affiliate belongs.
  5. Click Next.

The affiliate is associated with an affiliate domain. The next step in is to provide some general information about the affiliate.

More Information:

Authenticate Users with No CA SiteMinder® Session (SAML 1.x)