Programming GuidesProgramming Guide for PerlPolicy Management APIFederation Security Services › WS-Federation

Previous Topic: SAML 2.0 Indexed Endpoints

Next Topic: Sample Scripts
WS-Federation

The WS-Federation specification provides a protocol for how passive clients (such as Web browsers) implement the federation framework. ADFS is Microsoft's implementation of the WS-Federation Passive Requestor Profile.

Web SSO and sign-out in this environment are implemented using Account Partners and Resource Partners. An Account Partner authenticates users, provides WS-Federation security tokens, and passes them to a Resource Partner. The Resource Partner consumes security tokens and establishes a session based on the contents of the WS-Federation security token.

For SiteMinder to act as an Account Partner, an administrator must define the Resource Partner that will be consuming security tokens. This is done by defining a Resource Partner in an Affiliate domain. For SiteMinder to act as a Resource Partner, an administrator must define the Account Partner that is going to supply security tokens. This is done by defining a WS-Federation authentication scheme.

In a Perl script, you define a Resource Partner by calling the PolicyMgtAffDomain‑>CreateWSFEDResourcePartner method as follows:

$aff = $affDomain‑>CreateWSFEDResourcePartner(propsHash_ref);

propsHash_ref is a reference to a hash table of metadata properties defined for the Resource Partner.

This method returns a PolicyMgtWSFEDResourcePartner object. The PolicyMgtWSFEDResourcePartner object includes methods for managing users in the Resource Partner (AddUser, GetAllUsers, and RemoveUser). Note that the PolicyMgtWSFEDResourcePartner‑>Property() method does not submit changes to the data store. You must call the PolicyMgtWSFEResourcePartner‑>Save() method.

To define an Account Partner in a Perl script you create an instance of a WS-Federation authentication scheme by calling PolicyMgtSession‑>CreateWSFEDAuthScheme(). You can set or retrieve metadata properties for this authentication scheme by calling PolicyMgtSession‑>WSFEDAuthSchemeProperties().

There are no methods for deleting or retrieving a WS-Federation authentication scheme specifically. You use the DeleteAuthScheme, GetAuthScheme, and GetAllAuthSchemes as you would for any other type of authentication scheme. .

More Information:

WS-Federation Resource Partner Methods

WS-Federation Resource Partner Attribute Methods

Copyright © 2010 CA. All rights reserved. Email CA about this topic