The Advanced tab of the Authentication Scheme dialog box lets you use a custom SAML artifact scheme written with the SiteMinder Authentication API.
Complete the following fields:
For the SAML artifact profile, the asserting party sends the assertion to the consumer over a back channel. Protect the back channel with an authentication scheme. You can use a basic or client certificate authentication scheme to secure the back channel.
If you use basic authentication and SiteMinder is at both partners, the Affiliate Name at each site is the name of the consumer. If the asserting party is not SiteMinder, the asserting party administrator must provide you with the name they are using to identify your site. Specify the supplied name as the Affiliate Name in your authentication scheme configuration.
If you use client certificate authentication for the back channel, the affiliate name in the Administrative UI must be the alias of the client certificate. The CN of the certificate subject must also match the affiliate name. Matching the affiliate name, alias and CN is required.
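A pre-flight check for the three-way match described above, as an added example that is not part of the product or its documentation. It assumes the subject DN is supplied as an RFC 4514 string and that the names are compared exactly, including case; the function names and sample values are constructed for illustration.

```python
import re

def _split(text, sep):
    """Split on sep, ignoring separators that are backslash-escaped."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), text)

def _unescape(value):
    """Undo RFC 4514 escaping: backslash + hex pair, or backslash + character."""
    def repl(m):
        g = m.group(1)
        return bytes([int(g, 16)]) if len(g) == 2 else g
    data = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode("utf-8"), flags=re.S)
    return data.decode("utf-8")

def subject_cns(subject_dn):
    """Return every CN value in the subject, including ones in multi-valued RDNs."""
    cns = []
    for rdn in _split(subject_dn, ","):
        for ava in _split(rdn, "+"):
            attr, _, value = ava.partition("=")
            if attr.strip().upper() == "CN":
                cns.append(_unescape(value))
    return cns

def check_backchannel_names(affiliate_name, cert_alias, subject_dn):
    """Return a list of mismatches; an empty list means all three names agree.

    Exact, case-sensitive comparison is an assumption made for this example.
    """
    problems = []
    if cert_alias != affiliate_name:
        problems.append(f"alias {cert_alias!r} != affiliate name {affiliate_name!r}")
    cns = subject_cns(subject_dn)
    if len(cns) != 1:
        problems.append(f"expected exactly one CN in subject, found {len(cns)}")
    elif cns[0] != affiliate_name:
        problems.append(f"subject CN {cns[0]!r} != affiliate name {affiliate_name!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    dn = "CN=partner-sp,OU=Federation,O=Example\\, Inc.,C=US"
    for issue in check_backchannel_names("partner-sp", "partner_sp", dn):
        print("MISMATCH:", issue)
```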
The Policy Server supports client certificate authentication over the back channel using certificates encrypted with non-FIPS 140 algorithms, even when the Policy Server is operating in FIPS-only mode. However, for a strictly FIPS-only installation, use only certificates encrypted with FIPS 140-compatible algorithms.
The client certificate is stored in the certificate data store.
Copyright © 2012 CA.
All rights reserved.