How To Enable WS-Federation Metadata Exchange

The Policy Server supports the Web Services Metadata Exchange profile for WS-Federation partnerships. This web service enables the CA SiteMinder® local partner to respond to requests from a remote partner for metadata. The exchange occurs as an HTTP request and response.

The use of the HTTP protocol lets a remote entity configure the federation programmatically. An application can use the URL to gather the necessary information.

The following graphic shows the configuration steps for metadata exchange.

Configuration steps for WSFED metadata exchange

Complete the following configuration for metadata exchange:

  1. Review the metadata exchange transaction flow.
  2. Give the metadata exchange URL to your partner.
  3. Enable WSFED metadata exchange.

Metadata Exchange Transaction Flow

A metadata exchange transaction has the following process flow:

  1. A remote partner sends a request to the metadata exchange URL provided by the local partner.
  2. The local partner sends the metadata back in an HTTP response to the remote partner. The Policy Server secures the metadata by signing the response. The certificate that lets the remote partner verify the response is in the response.

    The Policy Server generates the metadata document at the time of the request. This document is not stored at the local partner.

  3. The remote partner verifies the signature of the response. Assuming the signature is valid, it parses the metadata document and uses the information to establish entities and partnerships.
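
The remote partner's side of this flow, as an added example that is not CA SiteMinder code: it builds the request URL from the pattern documented below, and, because the certificate used to verify the response travels inside the response itself, it pins that certificate to a SHA-256 fingerprint agreed with the local partner out of band before reading any of the metadata. The metadata document, certificate bytes and endpoint value are constructed for the example; cryptographic XML-DSig verification of SignedInfo/SignatureValue is done by an XML-Signature library in practice and is not shown.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def metadata_exchange_url(server_port, partnership_name):
    """Build the request URL from the pattern documented on the page."""
    return (f"https://{server_port}/affwebservices/public/FederationMetadata/"
            f"{quote(partnership_name, safe='')}")

def cert_fingerprint_sha256(b64_der):
    """SHA-256 over the DER bytes of a base64-encoded ds:X509Certificate value."""
    return hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest()

def parse_signed_metadata(xml_text, pinned_fingerprint):
    """Accept the metadata only if the certificate embedded in the response's
    ds:Signature matches the fingerprint exchanged with the partner out of band;
    a certificate trusted merely because it is in the response proves nothing."""
    root = ET.fromstring(xml_text)
    cert = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not cert.text:
        raise ValueError("response carries no ds:Signature with an embedded certificate")
    fp = cert_fingerprint_sha256(cert.text)
    if fp != pinned_fingerprint.lower():
        raise ValueError(f"signing certificate {fp} does not match the pinned certificate")
    # Only after the pin check: read what the metadata says about the local partner.
    endpoint = root.find("md:RoleDescriptor/fed:PassiveRequestorEndpoint/"
                         "wsa:EndpointReference/wsa:Address", NS)
    return {"entityID": root.get("entityID"),
            "signing_cert_sha256": fp,
            "passive_requestor_endpoint": endpoint.text if endpoint is not None else None}

# Constructed sample response: placeholder bytes, not a real certificate or real output.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_RESPONSE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:fed="{NS['fed']}"
    xmlns:wsa="{NS['wsa']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/wsfed">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <md:RoleDescriptor><fed:PassiveRequestorEndpoint><wsa:EndpointReference>
    <wsa:Address>https://idp.example.test/sso</wsa:Address>
  </wsa:EndpointReference></fed:PassiveRequestorEndpoint></md:RoleDescriptor>
</md:EntityDescriptor>"""
```

A remote partner that skips the pin check (or TLS server authentication of the metadata URL) would accept metadata from anyone able to answer the request, since the response validates against its own embedded certificate.
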

Give the Metadata Exchange URL to Your Partner

Before any metadata transaction occurs, give the URL for metadata exchange requests to your remote partners. A federated partner must send the request to the following URL:

https://server:port/affwebservices/public/FederationMetadata/partnership_name

  server:port
    Name and port of the system hosting the metadata exchange service.

  partnership_name
    Name of a configured partnership.

Enable WSFED Metadata Exchange

Enable the metadata exchange feature at a local WS-Federation partner.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Select the WSFED partnership that you want to modify.
  3. In the Configure Partnership step of the partnership wizard, select the Enable Metadata Exchange check box.
  4. Navigate to the Confirm step and click Finish.
  5. Return to the main Partnership Federation tab (Federation, Partnership Federation).
  6. Select Metadata Exchange Configuration in the left pane.

    The Metadata Exchange Configuration screen displays.

  7. Provide the values to sign the response.
  8. Click Save.

Metadata exchange is now configured for the partnership.