Federation Security Services Guide › Identify Consumers at a SAML 1.x Producer › Add a Consumer to an Affiliate Domain

Add a Consumer to an Affiliate Domain

Entities that consume SAML 1.x assertions are called consumers in the Federation Security Services documentation. However, in the Policy Server User Interface, the term affiliate is used to represent the consumer. When used in the Policy Server User Interface, the term affiliate is synonymous with consumer.

To add a consumer to an affiliate domain

1. Log into the FSS Administrative UI.
2. Display the list of domains.
3. Expand the affiliate domain where you want to add a consumer.
4. Click on the Affiliates icon.
5. From the menu bar, select Edit, Create Affiliate.

   The Affiliate dialog box opens.

6. Complete the following required fields.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

   • Name
   • Password and Confirm Password (For SAML artifact only)
   • Authentication URL

     This URL must point to the redirect.jsp file -- for example,

     http://myserver.mysite.com/siteminderagent/redirectjsp/redirect.jsp

     myserver

     Identifies the web server with the Web Agent Option Pack or the SPS federation gateway.

     Note: You will need to create a policy to protect the AuthenticationURL.

7. Select the Enabled check box to activate the affiliate object.

   This check box must be marked for the Policy Server and Federation Web Services to support authentication for the consumer resources.

8. Optionally, check the Use Secure URL check box.

   The Use Secure URL feature instructs the SSO Service to encrypt the SMPORTALURL query parameter that it appends to the Authentication URL prior to redirecting the user to establish a SiteMinder session. Encrypting the SMPORTALURL protects it from being modified by a malicious user.

   Note: If you select this checkbox, set the Authentication URL field to the following URL:

   http(s)://idp_server:port/affwebservices/secure/secureredirect.

   Click Help for more details about this field.

9. Optionally, if the SAML Affiliate Agent is acting as the SAML consumer, select the Allow Notification check box to provide event notification services for the consumer.

   The notification feature allows the producer to track user activity at the consumer. If this check box is selected, the producer can receive event notifications from the consumer about which resources a user has accessed. When the user accesses specific URLs at the consumer, the consumer may notify the producer. The producer can log this activity and use the information for auditing or reporting purposes.

   Important! The Notification service is not supported with the SAML credential collector acting as a consumer.