Agent for Windows Authentication Guide › Delegated Authentication Setup
Delegated Authentication Setup
The Federation Agent works with CA SiteMinder® Federation Standalone so users can authenticate in an IWA context. Because the Federation Agent is acting as a third-party authentication service, configure the federation system to use delegated authentication.
Follow these steps:
- Log in in to the Administrative UI.
- Select the SAML 1.1 or SAML 2.0 partnership you want to edit. Edit a Producer-> Consumer partnership or an IdP -> SP partnership.
- Navigate to one of the following steps in the partnership wizard:
- SAML1.1: Single Sign-on
- SAML 2.0: SSO and SLO
- Set the Authentication Mode to Delegated.
- Set the Delegated Authentication Type to Open Format Cookie.
Note the following information:
- The Federation Agent requires delegated authentication that is based on the open format cookie. This option is not available if you configured the federation system to use the SiteMinder Connector.
- The values for the cookie settings that you specified during the Agent configuration must match the values in the Deployment settings of the Administrative UI.
- Enter the delegated authentication URL.
Example: http://hostname:portnum/iwa/IWARedirect
Delegated authentication is enabled.
Note: For more information about delegated authentication, see the CA SiteMinder® Federation Standalone Guide.
Copyright © 2014 CA.
All rights reserved.
|
|