Previous Topic: Single Logout Configuration for Federation Mode

Next Topic: Assertion Attribute Use by the Target SAP Application

SiteMinder Agent for SAP Web AS GuideConfiguration for Federation Mode with Federation ManagerIdentity Cookie Settings for Federation Mode

Identity Cookie Settings for Federation Mode

Federation Manager supports single sign-on security zones. Single sign-on security zones provide configurable trust relationships between groups of applications within the same cookie domain. Security zone affiliation is reflected in cookie names. For Federation Manager, the default identity cookie is named FEDPROFILE. This cookie contains user identity information and user attributes that an application can use to customize the user experience.

At the relying party, Federation Manager creates the FEDPROFILE cookie and passes the cookie to the Agent for SAP Web AS. The Agent for SAP Web AS extracts the required identity information from the cookie to disambiguate a user and permit access to the requested resource.

For the Agent for SAP Web AS to access and read the FEDPROFILE cookie, the Agent needs its FEDZone and FEDPassword settings to match the cookie zone and password settings for Federation Manager. The values must be shared during an out-of-band communication.

In the Federation Manager UI, go to Infrastructure, Deployment Settings to locate the cookie settings.

Review the value of the following fields so you know how to configure the associated Agent for SAP Web AS settings:

Cookie Zone

Specifies the prefix for the cookie zone name. You can set this prefix to any alphabetical value.

Default: FED

At the relying party, the Federation Manager Cookie Zone value must match the Agent FEDZone value. The values must be shared during an out-of-band communication. Specify theFEDZone value when running the Agent configuration wizard.

Encryption Password

Indicates the encryption password of the FEDPROFILE cookie for the relying party.

If you provide a password for the FEDPROFILE cookie, define the same value for the Agent FedPassword value. The values must be shared during an out-of-band communication. This value cannot be blank. Specify the FEDPassword value when running the Agent configuration wizard.

Confirm Password

Confirms the password entry.

For more information about cookie settings, see the CA Federation Manager Guide.

Note: Some Federation Manager configuration settings are in different dialogs depending on the Federation Manager version. For the exact location of the configuration settings, consult the CA Federation Manager Guide and UI online help for your version of Federation Manager.

More information:

SiteMinder Agent for SAP Web AS Federation Mode Configuration Worksheet