Federation Security Services GuideOverview of a SiteMinder Federation Partnership SetupSet Up Producing Authority Components › Set up Affiliate Domains and Add Sites to these Domains

Previous Topic: Install the Producing-side Policy Server

Next Topic: Install a Web Agent or SPS Federation Gateway (Producing-side)

Set up Affiliate Domains and Add Sites to these Domains

Before you set up Federation Web Services, you establish affiliate domains and add the sites that will consume assertions to the affiliate domains. This identifies the partners to the site producing the assertions.

At the producing authority:

  1. Access the FSS Administrative UI.
  2. Create an affiliate domain.
  3. Add a user store for users that the producing authority (producer, IdP, AP) will generate assertions.
  4. Add an object for each consuming authority (consumer, SP, RP) to the affiliate domain.

    There should be a one-to-one correspondence between a consuming authority and each object added to the domain.

  5. After adding sites to an affiliate domain, ensure that you protect the AuthenticationURL, which ensures that a user has a session at the producing authority prior to process a request for a federated resource.

    To do this:

    1. Create a policy domain.
    2. Protect the policy domain with the Web Agent that is protecting the server with the Web Agent Option Pack.
    3. To this policy domain, add a realm, rule, and policy that protects the Authentication URL.

More Information:

Add Entities to an Affiliate Domain

Protect the Authentication URL to Create a SiteMinder Session (SAML 1.x)

Protect the Authentication URL to Create a SiteMinder Session (SAML 2.0)

Copyright © 2010 CA. All rights reserved. Email CA about this topic