The Federation Agent for Windows Authentication lets users on systems that implement one of the Integrated Windows Authentication (IWA) protocols federate with business partners.
When a user requests access to a protected resource, CA SiteMinder® Federation Standalone uses the log-on identity information from a third-party web access management (WAM) system. This process of using the third-party WAM is known as delegated authentication. The federation system redirects the request to the Federation Agent. The Agent verifies the user identity, creates an open format cookie, and passes the cookie to the federation system. The system then generates a SAML assertion and passes it to the relying party.
Note: See the Federation Standalone Guide for information about delegated authentication.
IWA supports the Windows NT LAN Manager (NTLM) and Kerberos encryption protocols. On a Windows system, the Federation Agent can use NTLM or Kerberos. On a UNIX system, the Windows Agent can only use Kerberos.
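The following added example, which is not taken from the CA documentation or product, classifies the first token a client sends in the HTTP `Authorization` header during IWA as NTLM or Kerberos. This helps confirm that clients of a UNIX-hosted agent are really negotiating Kerberos. The function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"                           # start of every NTLM message


def _skip_der_length(buf, pos):
    """Return the offset just past the DER length field that starts at pos."""
    first = buf[pos]
    return pos + 1 if first < 0x80 else pos + 1 + (first & 0x7F)


def classify_iwa_header(value):
    """Classify one HTTP Authorization header value from an IWA handshake."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not-iwa"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if token.startswith(NTLM_SIG) and len(token) >= 12:
        # Raw NTLM: a little-endian message type follows the signature.
        return "ntlm-type%d" % struct.unpack_from("<I", token, 8)[0]
    if len(token) < 4 or token[0] != 0x60:  # 0x60 = GSS-API initial token
        return "unrecognized"
    body = token[_skip_der_length(token, 1):]
    if body.startswith(OID_KRB5):
        return "kerberos"
    if body.startswith(OID_SPNEGO):
        if NTLM_SIG in body:  # NTLM message carried inside the SPNEGO wrapper
            return "spnego-ntlm"
        return "spnego-kerberos" if OID_KRB5 in body else "spnego-other"
    return "unrecognized"


def sample_headers():
    """Constructed tokens (not captured traffic): NTLM type 1, SPNEGO/Kerberos."""
    ntlm = NTLM_SIG + struct.pack("<II", 1, 0xE2088297) + b"\x00" * 16
    spnego = (bytes([0x60, 27]) + OID_SPNEGO
              + bytes.fromhex("a011300fa00d300b") + OID_KRB5)
    return {"ntlm": "NTLM " + base64.b64encode(ntlm).decode(),
            "kerberos": "Negotiate " + base64.b64encode(spnego).decode()}


if __name__ == "__main__":
    for name, header in sample_headers().items():
        print(name, "->", classify_iwa_header(header))
```

Only the client's initial token is classified; later SPNEGO response tokens in the same handshake are reported as `unrecognized`.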
The Federation Agent is installed on the same Windows or UNIX system where CA SiteMinder® Federation Standalone is installed. The following restrictions apply:
Copyright © 2013 CA. All rights reserved.