Web Agent Guides › Web Agent Configuration Guide › Manage User Access with IIS › How to Implement an Information Card Authentication Scheme

How to Implement an Information Card Authentication Scheme

CA SiteMinder supports an Information Card Authentication Scheme (ICAS) that implements Windows CardSpace. Users who request access to protected resources can select an authentication card. SiteMinder uses the information contained in the card to verify the user's identity.

Implementing an ICAS requires configuration changes on the following SiteMinder components:

• The server hosting the SiteMinder Web Agent
• The SiteMinder Policy Server
• The smkey database

Use the following process:

1. Do the following tasks on the web server:
   1. Enable SSL communication on the IIS 6.0 web server.

      Note: For more information, see your Microsoft documentation, or go to http://support.microsoft.com/

   2. Export the web server certificate as a .pfx file.
   3. Customize the SiteMinder InfoCard.fcc template.
2. Do the following tasks on the Policy Server:
   1. Install the JCE on the policy server
   2. Update the java.security file on the policy server.
   3. Update the config.properties file on the Policy Server.
   4. If you do not already have an smkey database, Create one with the Policy Server Configuration wizard.
   5. Add the .pfx file certificate from the web server to the smkey database.
   6. Configure the user directory in the Policy Server
   7. Create a custom authentication scheme for CardSpace using the Administrative UI
   8. (Optional) Store the claims in the session store to use in responses.
   9. (Optional) Enable personalization by allowing the retrieval of claim values from the session store.
   10. (Optional) Configure an active response to retrieve a stored claim value.