
SAML 1.x Authentication Schemes

If you purchased the Policy Server, any SiteMinder site can consume SAML 1.x assertions and use these assertions to authenticate and authorize users. If you have sites in your federated network that have user stores, you may want to use SAML authentication.

There are two SAML 1.x authentication methods available for configuration with SiteMinder:

The SAML-based authentication schemes let a consumer site in a federated network authenticate a user. They enable cross-domain single sign-on by consuming a SAML assertion and establishing a SiteMinder session. After the user is identified, the consumer site can authorize the user for specific resources.

A consumer is a site that uses a SAML 1.x assertion to authenticate a user. A producer is a site that generates SAML 1.x assertions.

Note: A site may be both a SAML producer and a SAML consumer.

The following illustration shows the major components for authentication at the consumer site.

SAML 1.x Authentication Scheme Components

Note: The SPS federation gateway can replace the Web Agent and Web Agent Option Pack to provide the SiteMinder Federation Web Services application functions. For information about installing and configuring the SPS federation gateway, see the CA SiteMinder Secure Proxy Server Administration Guide.

The SAML 1.x authentication scheme is configured at the consumer-side Policy Server and is invoked by the SAML credential collector. The SAML credential collector is a component of the Federation Web Services application and is installed on the consumer-side Web Agent or SPS federation gateway. The credential collector obtains information from the SAML authentication scheme at the Policy Server, then uses that information to access a SAML assertion.

The SAML assertion becomes the user's credentials to log in to the Policy Server at the consumer site. The user is authenticated and authorized, and if authorization is successful, the user is redirected to the target resource.
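The flow above ends with the consumer treating an assertion as login credentials, which is only safe if the consumer first checks that the assertion came from a trusted producer, is addressed to this consumer, and is within its validity window. The following Python sketch is an added example, not SiteMinder code and not a description of how the Policy Server or credential collector implements the scheme; the SAML 1.1 assertion, the trusted-producer table, the consumer audience URL and the function names are all constructed for illustration, and XML signature verification is assumed to happen before these checks.

```python
"""Consumer-side checks on a SAML 1.x assertion before it is accepted as
login credentials. Added illustration only (not SiteMinder's own code).
Assumption: the assertion's XML signature has already been verified; the
checks here cover issuer trust, audience, and the Conditions time window."""

from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample data: the producers this consumer trusts (by Issuer
# value) and the audience URL under which this consumer expects to be named.
TRUSTED_PRODUCERS = {"https://producer.example.com"}
CONSUMER_AUDIENCE = "https://consumer.example.com"

# Constructed SAML 1.1 assertion (hypothetical identifiers and timestamps).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-assertion-1"
    Issuer="https://producer.example.com" IssueInstant="2010-06-01T12:00:00Z">
  <saml:Conditions NotBefore="2010-06-01T11:59:00Z" NotOnOrAfter="2010-06-01T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://consumer.example.com</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2010-06-01T12:00:00Z">
    <saml:Subject>
      <saml:NameIdentifier>alice@example.com</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """Raised when the assertion must not be used as credentials."""


def _parse_instant(value):
    # SAML 1.x timestamps are UTC xsd:dateTime values such as 2010-06-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, clock_skew=timedelta(seconds=30)):
    """Return the authenticated subject's NameIdentifier, or raise AssertionRejected."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise AssertionRejected("root element is not a SAML 1.x Assertion")
    if root.get("MajorVersion") != "1":
        raise AssertionRejected("unsupported SAML major version")
    issuer = root.get("Issuer")
    if issuer not in TRUSTED_PRODUCERS:
        raise AssertionRejected("issuer %r is not a trusted producer" % issuer)

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("assertion carries no Conditions element")
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # A small tolerance covers clock drift between producer and consumer.
    if not_before and now + clock_skew < _parse_instant(not_before):
        raise AssertionRejected("assertion is not yet valid")
    if not_on_or_after and now - clock_skew >= _parse_instant(not_on_or_after):
        raise AssertionRejected("assertion has expired")

    audiences = [a.text for a in cond.findall(
        "saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if CONSUMER_AUDIENCE not in audiences:
        raise AssertionRejected("assertion is not addressed to this consumer")

    name_id = root.find(
        "saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name_id is None or not name_id.text:
        raise AssertionRejected("assertion carries no authenticated subject")
    return name_id.text


def assertion_is_acceptable(xml_text, now):
    """Boolean wrapper: True if the assertion passes all checks."""
    try:
        validate_assertion(xml_text, now)
        return True
    except AssertionRejected:
        return False


def establish_session(xml_text, now):
    """Model the login step: a validated assertion becomes the consumer's session."""
    user = validate_assertion(xml_text, now)
    return {"user": user, "established_at": now.isoformat(), "source": "saml1"}


if __name__ == "__main__":
    when = datetime(2010, 6, 1, 12, 1, tzinfo=timezone.utc)
    print(establish_session(SAMPLE_ASSERTION, when))
```

Each rejection path fails closed: the consumer never falls back to a partially checked assertion, and the time window is enforced with a bounded skew rather than ignored. The same structure applies whether the assertion arrives by the POST profile or by artifact lookup, since the checks run on the assertion itself.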


Copyright © 2010 CA. All rights reserved.