Federation Security Services GuideIdentify Service Providers for a SAML 2.0 Identity ProviderConfigure Single Sign-on for SAML 2.0 › Enforcing the Authentication Scheme Protection Level for SSO

Previous Topic: Define Indexed Endpoints for Different Single Sign-on Bindings

Next Topic: Allow the Identity Provider to Assign a Value for the NameID

Enforcing the Authentication Scheme Protection Level for SSO

When a user requests a federated resource, they must have a SiteMinder session. If a user does not have a SiteMinder session, the user is redirected to the Authentication URL to establish a session. The authentication scheme protecting the Authentication URL is configured with a particular protection level. This protection level must be the same or greater than the level you configure in the Authentication Level field on the SAML Service Provider Properties dialog.

If the protection level for the Authentication URL is less than the level set in the Authentication Level field, SiteMinder will not generate an assertion.

Copyright © 2010 CA. All rights reserved. Email CA about this topic