When you add a Resource Partner to an affiliate domain, one of the parameters you are required to set is the Authentication URL parameter.
The Authentication URL points to the redirect.jsp file, which is installed at the Account Partner site, where you install the Web Agent Option Pack or SPS federation gateway. A SiteMinder policy must protect the redirect.jsp file so that an authentication challenge is presented to users who request a protected Resource Partner resource but do not have a SiteMinder session.
A SiteMinder session is required for the following bindings:
A user must have a session, but it does not have to be a persistent session because security token response messages are delivered directly to the Resource Partner site through the user's browser. The tokens do not have to be stored in the session server.
If you enable signout, a persistent session is required. When a user first requests a Resource Partner resource, the session established at that time must be stored in the session server so that the necessary session information is available when signout is later executed.
After a user is authenticated and successfully accesses the redirect.jsp file, a session is established. The redirect.jsp file redirects the user back to the Account Partner so the request can be processed and the assertion can be delivered to the user.
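One way to confirm that the policy really protects the Authentication URL is to request it with no session cookie and look at the first response. The following is an added example, not code from the SiteMinder documentation. It assumes the policy challenges with either an HTTP 401 or a redirect to a login page; the URLs are constructed placeholders, and `classify`, `probe`, `is_login` and `NoRedirect` are hypothetical names.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed placeholders, not values from the SiteMinder documentation.
AUTH_URL = "https://ap.example.com/placeholder/redirect.jsp"
LOGIN_PREFIX = "https://ap.example.com/login/"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it

def is_login(target, login_prefix):
    """True if target is on the login host and under the login path."""
    t, p = urlsplit(target), urlsplit(login_prefix)
    return (t.scheme, t.netloc) == (p.scheme, p.netloc) and t.path.startswith(p.path)

def classify(status, headers, auth_url=AUTH_URL, login_prefix=LOGIN_PREFIX):
    """Judge the response to a request sent without any session cookie."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in hdrs:
        return "challenged"      # HTTP-level authentication challenge
    if status in (301, 302, 303, 307, 308):
        target = urljoin(auth_url, hdrs.get("location", ""))
        if is_login(target, login_prefix):
            return "challenged"  # sent to the login page first
        return "unprotected"     # redirected onward with no login
    if 200 <= status < 300:
        return "unprotected"     # page served with no challenge
    return "inconclusive"        # errors say nothing about the policy

def probe(auth_url, login_prefix, timeout=10):
    """Request auth_url with no cookies and classify the first response."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(auth_url, timeout=timeout)
        status, headers = resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        status, headers = err.code, dict(err.headers)
    return classify(status, headers, auth_url, login_prefix)

if __name__ == "__main__":
    samples = [  # constructed responses, not captured traffic
        (302, {"Location": "/login/form?TARGET=x"}),
        (401, {"WWW-Authenticate": 'Basic realm="ap"'}),
        (302, {"Location": "https://ap.example.com/federation/resume"}),
        (200, {}),
    ]
    for status, headers in samples:
        print(status, classify(status, headers))
```

Run `probe` against your own Account Partner with the real Authentication URL and login location; an `unprotected` result means a user without a session reached redirect.jsp without being challenged.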
The procedure for protecting the Authentication URL is the same regardless of the following conditions:
Copyright © 2012 CA.
All rights reserved.