SAML 1.x Authentication Scheme Prerequisites
There are several prerequisites you must fulfill before configuring a SiteMinder relying partner.
- Install the Policy Server.
For installation instructions, refer to the Policy Server Installation Guide.
- Install one of the following:
  - The Web Agent and the Web Agent Option Pack. The Web Agent authenticates users and establishes a SiteMinder session. The Option Pack provides the Federation Web Services application. Be sure to deploy the FWS application on the appropriate system in your network.
  - The SPS federation gateway, which has an embedded Web Agent and has the Federation Web Services application on the embedded Tomcat web server.
For more information, see the Web Agent Option Pack Guide or the Secure Proxy Server Administration Guide.
- Set up a key database for each Policy Server that is responsible for signing, verification, or both. Import private keys and certificates for functions that require verification and encryption of messages.
The key database is a flat-file key and certificate database that lets you manage and retrieve keys and certificates required to sign and validate SAML responses used with SAML POST profile authentication.
- Verify that an asserting partner is set up within the federated network.
How To Configure SiteMinder as a SAML 1.x Consumer
Configuring SiteMinder as a SAML 1.x consumer requires the following tasks:
- Complete the SAML 1.x authentication scheme prerequisites.
- Select the authentication scheme type and assign it a name.
- Specify the namespace for users being authenticated with the SAML 1.x authentication scheme.
- Select the single sign-on profile that this consumer supports (artifact or POST).
- Configure a SAML authentication scheme for each Producer that is a federation partner and generates assertions. Bind each scheme to a realm. The realm must contain the target URLs for federated resources. Protect these resources with a SiteMinder policy.
Tips:
Optional Tasks to Configure a SiteMinder Consumer
The following tasks are optional for configuring SiteMinder as a consumer:
- Customize assertions using the message consumer plug-in.
- Redirect failed authentication attempts.
Copyright © 2012 CA.
All rights reserved.