Federation Partnership Overview

The main purpose of Federation Manager is to establish a partnership between two organizations so they can share user identity information and attributes to facilitate single sign-on. A Federation Manager partnership consists of two entities at two different sites, one local and one remote. Either entity can assume the role of the asserting party, which is the side that creates the assertion, or the relying party, which is the side that uses the identity information in the assertion.

If Federation Manager is deployed at both sites, each site must define a partnership. Therefore, for each local asserting party-to-relying party partnership at one site, there has to be a reciprocal local relying party-to-asserting party partnership at the corresponding site. Together, these two definitions make up a single partnership. For example, Site A is the local SAML 2.0 IdP and has specified a partnership with Site B as the remote SAML 2.0 SP. Site B is the local SAML 2.0 SP and has specified a partnership with Site A as its remote SAML 2.0 IdP.

In the following network, Federation Manager is deployed only at the relying party, where the Agent for SAP Web AS and the SAP Web AS J2EE server reside, so you need only one partnership definition. Configure Federation Manager as the local relying party and the partner providing the assertion as the remote asserting party. For SAML 2.0, for example, the relying party is the local SP while the asserting party is the remote IdP.

The following figure shows the sides of a federated partnership.

[Figure: Federation partnership with SAP Web AS]

Note: A relying party can establish partnerships with more than one asserting party.
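
The reciprocity rule described above can be checked mechanically before a partnership goes live. The following sketch is an added example, not Federation Manager code or its configuration format; the `Partnership` fields, the `find_unmatched` helper, and all entity identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical model of one partnership definition. Field names are
# assumptions for this example, not Federation Manager's own schema.
@dataclass(frozen=True)
class Partnership:
    site: str        # site where this definition is configured
    protocol: str    # for example "SAML 2.0"
    local_role: str  # "asserting" or "relying"
    local_id: str    # identifier of the local entity
    remote_id: str   # identifier of the remote partner

OPPOSITE = {"asserting": "relying", "relying": "asserting"}

def key(p):
    return (p.protocol, p.local_role, p.local_id, p.remote_id)

def reciprocal_key(p):
    """Key that the partner site's matching definition must have."""
    return (p.protocol, OPPOSITE[p.local_role], p.remote_id, p.local_id)

def find_unmatched(definitions, managed_ids):
    """Return definitions that lack the reciprocal definition they need.

    managed_ids holds the entity identifiers served by Federation Manager.
    A partner outside that set is configured in its own product, so the
    single local definition is sufficient and is not reported.
    """
    keys = {key(d) for d in definitions}
    return [d for d in definitions
            if d.remote_id in managed_ids and reciprocal_key(d) not in keys]

# Constructed sample data (all identifiers are made up).
SAMPLE = [
    Partnership("Site A", "SAML 2.0", "asserting", "idp.site-a.example", "sp.site-b.example"),
    Partnership("Site B", "SAML 2.0", "relying", "sp.site-b.example", "idp.site-a.example"),
    # Federation Manager only at the relying party: one definition is enough.
    Partnership("SAP site", "SAML 2.0", "relying", "sp.sap.example", "idp.partner.example"),
    # Site C names Site A as its IdP, but Site A has no definition for Site C.
    Partnership("Site C", "SAML 2.0", "relying", "sp.site-c.example", "idp.site-a.example"),
]
MANAGED = {"idp.site-a.example", "sp.site-b.example", "sp.sap.example", "sp.site-c.example"}

if __name__ == "__main__":
    for d in find_unmatched(SAMPLE, MANAGED):
        print(f"{d.site}: no reciprocal definition at {d.remote_id}")
```

A definition is also reported when both sides claim the same role, because the reciprocal must carry the opposite role as well as swapped identifiers.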