Configure CA SiteMinder® as a WS-Federation Account Partner

This section contains the following topics:

Prerequisites for a CA SiteMinder® Asserting Partner

How To Configure a CA SiteMinder® Account Partner

Add a Resource Partner to an Affiliate Domain

Configure General Information for the Resource Partner Object

Select Users for Which Assertions are Generated

Configure a Name ID for a WS-Federation Assertion

Configure Single Sign-on for WS-Federation

Customize a SAML Assertion Response (optional)

Configure Signout for WS-Federation

Configure Attributes for WS-Federation Assertions (optional)

Prerequisites for a CA SiteMinder® Asserting Partner

For CA SiteMinder® to serve as the asserting partner, verify the following conditions:

How To Configure a CA SiteMinder® Account Partner

CA SiteMinder®, as an Account Partner, generates assertions for its business partners, the Resource Partners. To establish a federated partnership, the Account Partner needs information about each Resource Partner. Create a Resource Partner object for each partner. Define how the two entities communicate to pass assertions and to satisfy profiles, such as single sign-on.

To configure CA SiteMinder® to act as an Account Partner

  1. Create a Resource Partner object.
  2. Add the Resource Partner to the affiliate domain.
  3. Specify the general identifying information for the Resource Partner.
  4. Select users from a user store. The Account Partner generates assertions for the users you select.
  5. Specify the Name ID to include in the assertion.
  6. Configure the single sign-on profile.

    You can save a Resource Partner entity without configuring a complete SSO profile. However, you cannot pass an assertion to the Resource Partner without configuring SSO.

  7. Complete optional configuration tasks.

Tips:

Optional Configuration Tasks for a CA SiteMinder® Account Partner

The optional tasks for configuring a Resource Partner include:

Navigating Legacy Federation Dialogs

The Administrative UI provides two ways to navigate to the legacy federation configuration dialogs.

You can navigate in one of two ways:

Add a Resource Partner to an Affiliate Domain

To identify a Resource Partner as an available consumer of assertions, add the Resource Partner to an affiliate domain at the Account Partner. You then configure the Resource Partner so that the Account Partner can issue security token response messages containing assertions.

To add a Resource Partner to an affiliate domain

  1. Navigate to Federation, Legacy Federation, Resource Partners.
  2. Click Create Resource Partner.

    The Create Resource Partner page appears.

  3. Select an affiliate domain, then click Next.

    The General page appears.

  4. Fill in the fields at the top of the dialog.

    Note: Click Help for a description of fields, controls, and their respective requirements.

  5. Select Enabled so the Account Partner can recognize the configured Resource Partner.