

Enable User Consent at the IdP

To configure user consent, enable it at the Identity Provider using the Administrative UI. When you configure this feature through the UI, only the following URI is used in the assertion response:

urn:oasis:names:tc:SAML:2.0:consent:obtained

You can also enable this feature using the CA SiteMinder® Federation Standalone Java or .NET SDKs. The SDK passes whatever user consent value it receives from the third party that is performing delegated authentication.

User consent is also configurable at the Service Provider. A Service Provider can require the Identity Provider to pass the user consent value in the assertion response.

  1. Log in to the Administrative UI.
  2. Navigate to Federation, Partnership Federation, Partnerships.
  3. Select the IdP->SP partnership you want to modify.
  4. Navigate to the SSO and SLO step in the partnership wizard.
  5. In the SSO section:
    1. Select the Enable User Consent check box.
    2. Specify the name of the custom form in the User Consent Post Form field.

    Note: The User Consent Service URL is specified by default. You cannot change this value.

  6. Navigate to the Confirm step when your configuration is complete and click Finish.
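
The following is an added example, not part of the CA SiteMinder documentation or SDKs. It shows a check a Service Provider could run on the Consent attribute of a SAML 2.0 response when its policy requires the consent:obtained URI given above. The function names and sample responses are constructed for illustration, and the check assumes the response signature has already been validated.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
CONSENT_PREFIX = "urn:oasis:names:tc:SAML:2.0:consent:"
CONSENT_OBTAINED = CONSENT_PREFIX + "obtained"
CONSENT_UNSPECIFIED = CONSENT_PREFIX + "unspecified"
# Consent identifiers defined in the SAML 2.0 core specification.
KNOWN_CONSENT = {CONSENT_PREFIX + name for name in (
    "unspecified", "obtained", "prior", "current-implicit",
    "current-explicit", "unavailable", "inapplicable")}


def sample_response(consent=None):
    """Build a constructed, unsigned samlp:Response for the demo."""
    attr = f' Consent="{consent}"' if consent else ""
    return (f'<samlp:Response xmlns:samlp="{SAMLP_NS}" ID="_example" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{attr}/>')


def consent_value(response_xml):
    """Return the Consent URI carried on the Response element."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError("document is not a samlp:Response")
    # SAML core: an absent Consent attribute means "unspecified".
    return root.get("Consent", CONSENT_UNSPECIFIED)


def check_consent(response_xml, required=CONSENT_OBTAINED):
    """Return (accepted, reason) for an SP that requires a consent value."""
    value = consent_value(response_xml)
    if value not in KNOWN_CONSENT:
        return False, f"unknown consent identifier: {value}"
    if value != required:
        return False, f"consent is {value}; policy requires {required}"
    return True, value


if __name__ == "__main__":
    for label, xml in (
        ("consent obtained", sample_response(CONSENT_OBTAINED)),
        ("attribute missing", sample_response()),
        ("unknown value", sample_response("urn:example:consent:yes")),
    ):
        print(label, "->", check_consent(xml))
```

A response that omits the Consent attribute is treated as unspecified and rejected, which is the case an SP sees when user consent is not enabled on the IdP side of the partnership.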