When you add a Service Provider to an affiliate domain, one of the parameters you are required to set is the AuthenticationURL parameter.
The file that the Authentication URL points to is the redirect.jsp file. This file is installed at the Identity Provider site where you install the Web Agent Option Pack or the SPS federation gateway. The redirect.jsp file must be protected by a SiteMinder policy so that an authentication challenge is presented to users who request a protected Service Provider resource but do not have a SiteMinder session.
A SiteMinder session is required for the following bindings:
If you configure single sign-on using an HTTP artifact binding, a persistent session is needed to store SAML assertions in the session server.
A user must have a session, but it does not have to be a persistent session because assertions are delivered directly to the Service Provider site through the user’s browser. The assertions do not have to be stored in the session server.
If you enable single logout, a persistent session is required. When a user first requests a Service Provider resource, the session established at that time must be stored in the session server so that the necessary session information is available when a single logout is later executed.
After a user is authenticated and successfully accesses the redirect.jsp file, a session is established. The redirect.jsp file redirects the user back to the Identity Provider Web Agent or the SPS federation gateway so that the request can be processed and the SAML assertion can be delivered for the user.
The procedure for protecting the Authentication URL is the same regardless of the following set-ups:
Copyright © 2012 CA.
All rights reserved.