Federation Security Services Guide › Deploy Federation Using a Manual Configuration

Deploy Federation Using a Manual Configuration

This section contains the following topics:

Manual SiteMinder-to-SiteMinder Deployment Overview

Manual Deployment Prerequisites

Sample Federation Network

Set Up the Identity Provider

Set Up the Service Provider

Test SAML 2.0 Single Sign-on

Add Functionality to the Federation Deployment

Manual SiteMinder-to-SiteMinder Deployment Overview

You can accomplish a deployment manually. The manual deployment tasks begin with a simple configuration, single sign-on with POST binding. By starting with a basic configuration, you can complete the least number of steps to see how SiteMinder federation works.

After getting POST single sign-on to work, additional tasks, such as configuring the artifact binding, digital signing, and encryption are described. You can add these features to reflect a real production environment.

Important! The deployment exercise is only for SAML 2.0. These procedures do not apply to a SAML 1.x or WS-Federation configuration.

The manual deployment examples are different from the sample application deployment in the following ways:

• The deployment that is described is set up across two systems, with a Policy Server and Web Agent on each system. The two systems represent the IdP and the SP.
• Additional features are documented for the manual configuration that the sample application does not set up, including:
  • Configuring SSL for the artifact back channel
  • Adding an attribute to an assertion
  • Digitally signing and verifying an assertion
  • Encrypting and decrypting an assertion

Important! The procedures throughout the manual deployment use sample data. To use data from your environment, specify entries for your Identity Provider and Service Provider configuration.