Federation Security Services Guide › Authenticate SAML 1.x Users at a Consumer › How To Protect a Resource with a SAML 1.x Authentication Scheme

How To Protect a Resource with a SAML 1.x Authentication Scheme

At the consumer, you must configure a SAML 1.x artifact or POST profile authentication scheme for each producer that generates assertions. After that authentication scheme is created, you can use it to protect federation resources.

To protect a federation resource with a SAML authentication scheme:

1. Create a realm that uses the SAML authentication scheme. The realm is the collection of target resources being requested by users.

   There are two ways to set-up a realm that includes a SAML authentication scheme:

   • You can create a unique realm for each authentication scheme already configured.
   • You can configure a single target realm that uses a custom authentication scheme to dispatch requests to the corresponding SAML authentication schemes. Configuring one realm with a single target for all producers simplifies configuration of realms for SAML authentication.
2. After configuring a realm, configure an associated rule and optionally, a response.
3. Group the realm, rule, and response into a policy that protects the target resource.

Important! Each target URL in the realm is also identified in an intersite transfer URL. An intersite transfer URL redirects a user from the producer to the consumer, and the target URL is specified in the URL's TARGET variable. At the producer site, an administrator needs to include this URL in a link so that this link the user gets redirected to the consumer.