Federation Security Services Guide › Authenticate WS-Federation Users at a Resource Partner › Configure the WS-Federation Authentication Scheme

Configure the WS-Federation Authentication Scheme

The configuration of the WS-Federation authentication scheme provides information about the Account Partner that generates the assertion for the Resource Partner and instructs how the Resource Partner supports the authentication process.

To configure the common setup and scheme setup

1. Check the WS-Federation Authentication Scheme Prerequisites.
2. Log into the FSS Administrative UI.
3. From the menu bar, select Edit, System Configuration, Create Authentication Scheme.

   The Authentication Scheme Properties dialog box opens.

4. From the Authentication Scheme Type drop-down list, select WS-Federation Template.

   The contents of the SiteMinder Authentication Scheme dialog box change for the scheme.

5. Configure the scheme common setup group box by entering values for the fields.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

6. Configure the scheme setup by entering values for the following fields:
   • Resource Partner ID
   • Account Partner ID
   • Skew Time
   • Alias (required if signature processing enabled)
7. Ensure the Disable Signature Processing checkbox is set appropriately for single sign-on.

   Important! For debugging purposes only, you can temporarily disable all signature processing (both signing and verification of signatures) by checking the Disable Signature Processing option.

After configuring an authentication scheme, associate the scheme with a realm that contains the resource you want to protect.