Federation Security Services Guide › Configure SiteMinder as a SAML 2.0 Identity Provider › Configuration Checklist at the Identity Provider

Configuration Checklist at the Identity Provider

Identifying a Service Provider to an Identity Provider is a task you complete at the SAML 2.0 Identity Provider because the Identity Provider needs information about the Service Provider to generate an assertion for that entity. Therefore, you identify the Service Provider to the Identity Provider and define how the two entities will communicate to pass assertions and to satisfy profiles, such as Web single sign-on or single logout.

• Required Configuration Tasks
• Optional Configuration Tasks

Tips:

• Certain parameter values at the Identity Provider and Service Provider must match for the configuration to work. A list of those parameters can be found in Configuration Settings that Must Use the Same Values.
• To ensure you are using the correct URLs for the Federation Web Services servlets, a list of URLs can be found in Federation Web Services URLs Used in SiteMinder Configuration.

How to Configure a SiteMinder Identity Provider

SiteMinder, as an Identity Provider generates assertions for its business partners, the Service Providers. To establish a federated partnership, the Identity Provider needs information about each partner. Create a Service Provider object for each partner and define how the two entities communicate to pass assertions and to satisfy profiles, such as single sign-on.

To configure a SiteMinder Identity Provider

1. Create a Service Provider object.
2. Add the Service Provider to an affiliate domain.
3. Specify the general identifying information for the Service Provider.
4. Select users from a user store. The Identity Provider generates assertions for these users.
5. Specify the Name ID.
6. Configure a single sign-on (SSO) profile.

   You can save a Service Provider entity without configuring a complete SSO profile. However, you cannot pass an assertion to the Service Provider without completing the SSO configuration.

7. Configure signing and encryption for requests and responses.
8. Complete optional configuration tasks.

Tips:

• Certain parameter values at the Identity Provider and Service Provider must match for the configuration to work. A list of those parameters can be found in Configuration Settings that Must Use the Same Values.
• Use the correct URLs for the Federation Web Services servlets. A list of URLs can be found in Federation Web Services URLs Used in SiteMinder Configuration

Optional Configuration Tasks for Identifying a Service Provider

The following optional tasks are for identifying a Service Provider:

• Configure IP address restrictions to limit the addresses that are used to access Service Providers.
• Configure time restrictions for Service Provider operations.
• Enable enhanced client or proxy profile.
• Configure attributes for inclusion in assertions.
• Configure single logout (SLO).
• Configure the Identity Provider Discovery profile.
• Encrypt the Name ID in the assertion and/or the entire assertion.
• Sign the assertion and/or the entire assertion response.
• Sign the artifact resolve message and/or the artifact response.
• Customize a SAML assertion response using the Assertion Generator plug-in.