Federation Security Services Guide › Configure SiteMinder as a SAML 1.x Consumer › SAML 1.x Authentication Scheme Prerequisites

SAML 1.x Authentication Scheme Prerequisites

There are several prerequisites you must fulfill before configuring a SiteMinder relying partner.

• Install the Policy Server.

  For installation instructions, refer to the Policy Server Installation Guide.

• Install one of the following
  • The Web Agent and the Web Agent Option Pack. The Web Agent authenticates users and establishes a SiteMinder session. The Option Pack provides the Federation Web Services application. Be sure to deploy the FWS application on the appropriate system in your network.
  • The SPS federation gateway, which has an embedded Web Agent and has the Federation Web Services application on the embedded Tomcat web server.

  For more information, see the Web Agent Option Pack Guide or the Secure Proxy Server Administration Guide.

• Set up a key database for each Policy Server that is responsible for signing, verification or both. Import private keys and certificates for functions that require verification and encrypting of messages.

  The key database is a flat-file key and certificate database that lets you manage and retrieve keys and certificates required to sign and validate SAML responses used with SAML POST profile authentication.

• An asserting partner is set up within the federated network.

How To Configure SiteMinder as a SAML 1.x Consumer

Configuring SiteMinder as SAML 1.x consumer requires the following tasks:

1. Complete the SAML 1.x authentication scheme prerequisites.
2. Select the authentication scheme type and assign it a name.
3. Specify the namespace for users being authenticated with the SAML 1.x authentication scheme.
4. Select the single sign-on profile that this consumer supports (artifact or POST).
5. Configure a SAML authentication scheme for each Producer that is a federation partner and generates assertions. Bind each scheme to a realm. The realm must contain the target URLs for federated resources. Protect these resources with a SiteMinder policy.

Tips:

• Certain parameter values at the Producer and Consumer must match for the configuration to work. A list of those parameters is available in Configuration Settings that Must Use the Same Values.
• Verify that you are using the correct URLs for the Federation Web Services servlets. The URLs are listed in Federation Web Services URLs Used in SiteMinder Configuration.

Optional Tasks to Configure a SiteMinder Consumer

The following tasks are optional for configuring SiteMinder as a consumer:

• Customize assertions using the message consumer plug-in.
• Redirect failed authentication attempts.