How To Protect Resources with a SAML 2.0 Authentication Scheme

Federation Security Services Guide › Configure SiteMinder as a SAML 2.0 Service Provider › How To Protect Resources with a SAML 2.0 Authentication Scheme

How To Protect Resources with a SAML 2.0 Authentication Scheme

Protect target federation resources by configuring a SiteMinder policy that uses the SAML 2.0 authentication scheme.

To protect a federation resource with a SAML authentication scheme:

Create a realm that uses the SAML authentication scheme. The realm is the collection of target resources that users request.
Create a realm in one of the following ways:
- Create a unique realm for each authentication scheme already configured.
- Configure a single target realm that uses a custom authentication scheme to dispatch requests to the corresponding SAML authentication schemes. Configuring one realm with a single target for all Identity Providers simplifies configuration of realms for SAML authentication.
After you configure a realm, establish an associated rule and optionally, a response.
Group the realm, rule, and response into a policy that protects the target resource.

Important! Each target URL in the realm is also identified in an unsolicited response URL. An unsolicited response is sent from the Identity Provider to the Service Provider, without an initial request from the Service Provider. The unsolicited response contains the target. At the Identity Provider, an administrator must include this response in a link so the Identity Provider can redirect the user to the Service Provider.