

Configure Required General Information for WS-Federation

Select the General tab to configure required items, such as the ID of the Resource Partner and Account Partner.

To configure the general settings

  1. Log in to the FSS Administrative UI.
  2. Open the Resource Partner Properties dialog.
  3. Select the General tab.
  4. Fill in values for the following required fields:
    Resource Partner ID

    Specifies a URI that uniquely identifies the Resource Partner, such as rp.example.com.

    Account Partner ID

    Specifies a URI that uniquely identifies the Account Partner, such as ap-ca.com. This becomes the Issuer field in the SAML assertion.

    Skew Time

    Specifies the number of seconds (as a positive integer) to be subtracted from the current time to account for Resource Partners that have clocks that are not synchronized with the Policy Server acting as an Account Partner.

    For single sign-on, the value of the Skew Time and the single sign-on validity duration (Validity Duration field on the SSO tab) determine how long an assertion is valid. Review how the assertion validity is calculated to understand more about the skew time.

  5. For debugging purposes only, you can temporarily disable all signature processing (both signing and verification of signatures) by selecting the Disable Signature Processing checkbox.

    Important! By default, signature processing is enabled because it is required by the WS-Federation Passive Requester profile for single sign-on; therefore, it must be enabled in a production environment.
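
After debugging with signature processing disabled, a captured assertion can be checked against the General tab settings. The following is an added example, not part of the product or its documentation; it assumes a SAML 1.1 assertion layout (Issuer as an attribute, an enveloped ds:Signature child, a Conditions element), and the function name audit_assertion and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 assertion namespace
DSIG = "http://www.w3.org/2000/09/xmldsig#"     # XML Signature namespace

# Constructed sample assertions (not captured from a real deployment).
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" MajorVersion="1" MinorVersion="1"
  AssertionID="_constructed" Issuer="{issuer}" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:02:00Z"/>
  {signature}
</saml:Assertion>"""
SIGNED = TEMPLATE.format(issuer="ap-ca.com", signature="<ds:Signature/>")
UNSIGNED = TEMPLATE.format(issuer="ap-ca.com", signature="")
NOW = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)

def _ts(value):
    """Parse a UTC timestamp as written in the sample assertions."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_assertion(xml_text, account_partner_id, now):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    tag = f"{{{SAML}}}Assertion"
    assertion = root if root.tag == tag else root.find(f".//{tag}")
    if assertion is None:
        return ["no SAML assertion found"]
    # The Account Partner ID from the General tab becomes the Issuer.
    if assertion.get("Issuer") != account_partner_id:
        findings.append(f"Issuer {assertion.get('Issuer')!r} != Account Partner ID")
    # Presence check only: this does not verify the signature cryptographically.
    if assertion.find(f"{{{DSIG}}}Signature") is None:
        findings.append("assertion is unsigned (signature processing disabled?)")
    cond = assertion.find(f"{{{SAML}}}Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        findings.append("no validity window in Conditions")
    elif not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        findings.append("current time is outside the validity window")
    return findings
```

An empty result for an assertion issued after the debugging session indicates that the Issuer matches and a signature element is present again; full signature verification remains the job of the Resource Partner.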

More Information:

Set the Skew Time WS-Federation Single Sign-on