Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Manual FSS-to-FSS Deployment Overview

Manual FSS-to-FSS Deployment Overview

You can accomplish manually what the sample application deploys automatically. The manual deployment tasks begin with a simple configuration--single sign-on with POST binding. By starting with a basic configuration, you can complete the least number of steps to see how SiteMinder federation works.

After getting POST single sign-on to work, additional tasks, such as configuring artifact binding, digital signing, and encryption are described so you can add these features to reflect a real production environment.

Important! The deployment exercise is only for SAML 2.0. These procedures do not apply to a SAML 1.x or WS-Federation configuration.

The manual deployment examples are different from the sample application deployment in the following ways:

• The deployment described is set up across two systems, with a Policy Server and Web Agent on each system. The two systems represent the IdP and the SP.
• Additional features are documented for the manual configuration that the sample application does not set up, including:
  • configuring SSL for the artifact back channel
  • adding an attribute to an assertion
  • digitally signing and verifying an assertion
  • encrypting and decrypting an assertion

Important! The procedures throughout the manual deployment use sample data. To use data from your environment, specify entries for your Identity Provider and Service Provider configuration.