The configuration of the SAML 1.x artifact authentication scheme lets you enter information about the producer site that provides the SAML assertion to the consumer.
After you configure an authentication scheme, associate the scheme with a realm that contains the resource you want to protect.
To configure the SAML 1.x artifact authentication scheme
The contents of the SiteMinder Authentication Scheme dialog change to support the SAML artifact scheme.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Important! The Affiliate Name, Password, and Verify Password fields must match other values in your federation network. For details, go to Configuration Settings that Must Use the Same Values.
Note: You can specify the target resource using the value of the TARGET query parameter in the authentication response URL or by specifying a default target URL in this dialog. The checkbox labeled Query Parameter TARGET Overrides Default Target URL is selected by default. If you uncheck this box, you must enter a value for the Default TARGET URL field.
The SAML 1.x Artifact authentication scheme is now configured.
For the SAML artifact profile, the producer sends the assertion to the consumer over a protected backchannel. If you are using basic authentication to protect the backchannel, the value of the Affiliate Name field is the name of the consumer. If you are using client certificate authentication for the backchannel, the value of the Affiliate Name field must be the alias of the client certificate stored in the smkeydatabase.
If you use client certificate authentication for communication over the backchannel, you can use non-FIPS 140 encrypted certificates even if the Policy Server is operating in FIPS-only mode. However, for a strictly FIPS-only installation, use only certificates encrypted with FIPS 140-compatible algorithms.
Copyright © 2012 CA.
All rights reserved.