CA SiteMinder® Federation Standalone Guide › CA SiteMinder® Integration with CA SiteMinder® Federation Standalone › How to Integrate CA SiteMinder® Federation Standalone and CA SiteMinder® › Enable the Connector at the Partnership Level
Enable the Connector at the Partnership Level
Before you enable the Connector, verify:
- The CA SiteMinder® Policy Administrator has configured the policy for federated communication.
- You have configured the Connector-specific settings in CA SiteMinder® Federation Standalone.
Enable the Connector for the partnership where CA SiteMinder® is deployed:
- If CA SiteMinder® is at the asserting party, enable the Connector for an IdP-to-SP or Producer-to-Consumer partnership.
- If CA SiteMinder® is at the relying party, enable the Connector for an SP-to-IdP or Consumer-to-Producer partnership.
Whether you are modifying an existing partnership of configuring a new partnership, the standard partnership configuration steps apply; there are no unique configuration procedures. However, specify the target resources at the relying party in the using the following guidelines:
- If CA SiteMinder® Federation Standalone is deployed in standalone mode, the target resource resides on the web server that the CA SiteMinder® Web Agent protects.
- If CA SiteMinder® Federation Standalone is deployed in proxy mode, the target resource is the URL for the CA SiteMinder® Federation Standalone server because all proxy requests go back to CA SiteMinder®.
Follow these steps:
- Log in to the Administrative UI.
- Select a partnership from the Federated Partnerships list or create a new one.
The Partnership dialog opens.
- Navigate to one of the following steps in the wizard:
- At the relying party, navigate to the User Identification step in the Partnership wizard.
- At the asserting party, navigate to the Federation Users step in the Partnership wizard.
- Select the Enable SiteMinder Connector check box.
The configuration fields become available.
- (Optional) Select the Enforce UserDN and Directory Name Comparison check box. Selecting this check box forces a comparison of the UserDN and UserDirectory Name entries between the user directory at CA SiteMinder® Federation Standalone and the directory at CA SiteMinder®.
If you select this check box, the user directory for the CA SiteMinder® Federation Standalone and the CA SiteMinder® deployment must be the same physical directory. The name for both of these directories must be the same for user store lookups. If you clear the check box, the Universal ID is the attribute that finds the user record. If the Universal ID is used, the directories do not have to be the same. If you rely on the Universal ID, each user must have a unique Universal ID. If the Universal IDs are not unique, the system accessing the user record can retrieve the wrong record.
- Save your changes.
To disable the Connector, you can do so at the partnership level or globally in the Deployment Settings.
Copyright © 2013 CA.
All rights reserved.
|
|