This section contains the following topics:
Prerequisites for a CA SiteMinder® Asserting Partner
How to Configure a CA SiteMinder® Identity Provider
Add a SAML 2.0 Service Provider to an Affiliate Domain
Configure General Information for the Service Provider Object
Select Users for Which Assertions are Generated
Specify a Name ID for a SAML 2.0 Assertion
Customize a SAML Assertion Response (optional)
Configure Single Sign-on for SAML 2.0
Grant Access to the Service for Assertion Retrieval (Artifact SSO)
Configure the Authentication Scheme that Protects the Artifact Service
Initiate Single Sign-on from the IdP or SP
Configure Attributes for Assertions (optional)
Configure Single Logout (optional)
Configure Identity Provider Discovery at the IdP
Validate Signed AuthnRequests and SLO Requests/Responses
Encrypt a NameID and an Assertion
Request Processing with a Proxy Server at the IdP
For CA SiteMinder® to serve as the asserting partner, verify the following conditions:
For more information, see the Web Agent Option Pack Guide.
CA SiteMinder®, as an Identity Provider generates assertions for its business partners, the Service Providers. To establish a federated partnership, the Identity Provider needs information about each partner. Create a Service Provider object for each partner and define how the two entities communicate to pass assertions and to satisfy profiles, such as single sign-on.
To configure a CA SiteMinder® Identity Provider
You can save a Service Provider entity without configuring a complete SSO profile. However, you cannot pass an assertion to the Service Provider without completing the SSO configuration.
Tips:
The following optional tasks are for identifying a Service Provider:
The Administrative UI provides two ways to navigate to the legacy federation configuration dialogs.
You can navigate in one of two ways:
When you create an object, a page displays with a configuration wizard. Follow the steps in the configuration wizard to create the object.
When you modify an existing object, a page displays with a series of tabs. Modify the configuration from these tabs. These tabs are the same as the steps in the configuration wizard.
To identify a Service Provider as an available consumer of CA SiteMinder®-generated assertions, add the Service Provider to an affiliate domain at the Identity Provider. You then define the configuration of the Service Provider so that the Identity Provider can issue assertions for it.
Follow these steps:
Configure the general settings.
Copyright © 2013 CA.
All rights reserved.
|
|