The SAML assertion generator creates an assertion for a user who has a session at a producer/IdP site. When a partner requests a SAML assertion, the Web Agent invokes the SAML assertion generator. The assertion generator creates an assertion based on the user session and information in the policy store.
The assertion generator processes the assertion according to the authentication profile or binding configured, as follows:
The assertion generator stores the assertion in the SiteMinder session server. A reference to the assertion is returned to the Web Agent in the form of a SAML artifact.
SiteMinder returns the assertion by way of a browser as a SAML response embedded in an HTTP form.
The Web Agent is responsible for sending the SAML artifact, SAML response, or WS-Federation security token response to the relying party in accordance with the SAML profile. At the relying party, a client must be available to process the SAML artifact or response message. If SiteMinder is the relying party, the client can be the SAML Affiliate Agent, the SAML 1.x credential collector or the SAML 2.0 assertion consumer.
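The artifact flow described above, as an added sketch (not SiteMinder code): the producer keeps the assertion and hands the browser only a reference, which the relying party later redeems over a back channel. The byte layout is the SAML 2.0 type 0x0004 artifact; the `ArtifactStore` class, the issuer URL, the TTL and the sample assertion are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time

TYPE_CODE = 0x0004  # SAML 2.0 artifact: type(2) | endpoint index(2) | SourceID(20) | handle(20)

class ArtifactStore:
    """Hypothetical stand-in for the producer's session server."""

    def __init__(self, issuer, ttl=60.0):
        self.source_id = hashlib.sha1(issuer.encode()).digest()  # SourceID = SHA-1(issuer ID)
        self.ttl = ttl            # assumed short lifetime, in seconds
        self._pending = {}        # message handle -> (assertion, expiry)

    def issue(self, assertion_xml, endpoint_index=0):
        """Store the assertion and return only a base64 reference to it."""
        handle = secrets.token_bytes(20)  # unguessable message handle
        self._pending[handle] = (assertion_xml, time.monotonic() + self.ttl)
        raw = struct.pack(">HH", TYPE_CODE, endpoint_index) + self.source_id + handle
        return base64.b64encode(raw).decode("ascii")

    def resolve(self, artifact, now=None):
        """Back-channel lookup by the relying party; each artifact works once."""
        raw = base64.b64decode(artifact, validate=True)
        if len(raw) != 44:
            raise ValueError("malformed artifact")
        type_code, _endpoint = struct.unpack(">HH", raw[:4])
        if type_code != TYPE_CODE or not hmac.compare_digest(raw[4:24], self.source_id):
            raise ValueError("artifact was not issued by this producer")
        entry = self._pending.pop(raw[24:], None)  # pop => a replay finds nothing
        if entry is None:
            raise KeyError("unknown or already redeemed artifact")
        assertion, expires = entry
        if (time.monotonic() if now is None else now) > expires:
            raise KeyError("artifact expired")
        return assertion

# Constructed sample values, not taken from any real deployment.
SAMPLE_ISSUER = "https://idp.example.com/saml"
SAMPLE_ASSERTION = "<saml:Assertion ID='_constructed'>...</saml:Assertion>"

if __name__ == "__main__":
    store = ArtifactStore(SAMPLE_ISSUER)
    art = store.issue(SAMPLE_ASSERTION)
    print(art)                 # the browser carries only this reference
    print(store.resolve(art))  # the relying party redeems it for the assertion
```

Unlike the HTTP form case, the assertion itself never passes through the browser here, so the exposure is limited to a single-use, short-lived handle.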
You can customize the content of the SAML assertion by configuring the assertion generator plug-in, which lets you tailor that content to your federated environment.
Copyright © 2012 CA.
All rights reserved.