Configure WS-Federation Single Sign-on at the Resource Partner
The SSO tab configures the WS-Federation single sign-on binding for authentication. This tab also enforces the single-use assertion policy, which prevents the replay of a valid assertion.
Part of the single sign-on configuration is defining the Redirect Mode setting. The Redirect Mode specifies how Federation Security Services sends assertion attributes, if available, to the target application. You can send assertion attributes as HTTP headers or HTTP cookies.
The HTTP headers and HTTP cookies have size restrictions that assertion attributes cannot exceed. The size restrictions are as follows:
- For HTTP headers, SiteMinder can send an attribute in a header up to the web server size limit for a header. Only one assertion attribute per header is allowed. See the documentation for your web server to determine the header size limit.
- For HTTP cookies, SiteMinder can send a cookie up to the size limit for a cookie. Each assertion attribute is sent as its own cookie. The cookie size limit is browser-specific, and that limit is for all attributes being passed to the application, not for each attribute. See the documentation for your web browser to determine the cookie size limit.
To configure WS-Federation single sign-on
- Access the Authentication Scheme Properties dialog for the WS-Federation scheme.
- Click Additional Configuration.
The WS-Federation Auth Scheme Properties dialog opens.
- Select the SSO tab.
- Select a value for the Redirect Mode field.
- In the Target field, specify a target resource. The target is required for single sign-on to work; it identifies the requested resource at the destination Resource Partner.
- Optionally, select the Enable Single Use Policy option.
- Click OK to save your configuration.
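The effect of a single-use assertion policy, shown as an added illustration that is not SiteMinder code: the consumer remembers each accepted assertion ID until the assertion expires and rejects any second presentation. The class name, the assertion IDs, and the expiry timestamps are constructed for the example, and it assumes the assertion has already passed signature validation.

```python
import threading
import time


class SingleUseAssertionCache:
    """Accept each assertion ID at most once within its validity window."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable clock so the demo is deterministic
        self._seen = {}              # assertion ID -> expiry (epoch seconds)
        self._lock = threading.Lock()

    def accept(self, assertion_id, not_on_or_after):
        """Return (accepted, reason) for one presented assertion."""
        now = self._clock()
        with self._lock:
            # Expired IDs can be evicted safely: the expiry check below
            # rejects them anyway, so the cache stays bounded.
            for aid in [a for a, exp in self._seen.items() if exp <= now]:
                del self._seen[aid]
            if not assertion_id:
                return False, "missing-id"
            if not_on_or_after <= now:
                return False, "expired"
            if assertion_id in self._seen:
                return False, "replayed"
            self._seen[assertion_id] = not_on_or_after
            return True, "ok"

    def pending(self):
        """Number of assertion IDs currently being tracked."""
        with self._lock:
            return len(self._seen)


def demo():
    """Constructed sequence: first use, replay, second assertion, late replay."""
    now = [1000.0]                                   # constructed clock value
    cache = SingleUseAssertionCache(clock=lambda: now[0])
    results = [cache.accept("_a1", 1300.0)]          # first presentation
    results.append(cache.accept("_a1", 1300.0))      # same ID again
    results.append(cache.accept("_b2", 1300.0))      # different assertion
    now[0] = 1301.0                                  # validity window has passed
    results.append(cache.accept("_a1", 1300.0))      # late replay
    return results, cache.pending()


if __name__ == "__main__":
    print(demo())
```

The check and the insert happen under one lock, so two concurrent presentations of the same assertion cannot both be accepted.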
Copyright © 2012 CA.
All rights reserved.