

WS-Federation Assertion Generator

The WS-Federation assertion generator creates a SAML 1.1 assertion for a user who has a session at an Account Partner. When a user requests a resource, the Web Agent invokes the WS-Federation assertion generator at the Policy Server, which creates an assertion based on the user session and information configured in the policy store. The assertion generator then places the assertion in a WS-Federation RequestSecurityTokenResponse message.

The Web Agent is responsible for sending the WS-Federation security token response message, via the user's browser, to the site that consumes the assertion, in accordance with the WS-Federation Passive Requestor profile. At the Resource Partner, a client, such as the WS-Federation Assertion Consumer, must be available to process the assertion.
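
The following added example (not product code) shows the message shape described above from the consuming side: it pulls the SAML 1.1 assertion out of a RequestSecurityTokenResponse and checks its version, validity window and audience. The sample message, the `example.com` URIs, the function name `check_rstr` and the use of the WS-Trust 2005/02 namespace are assumptions made for illustration.

```python
# Added example; the sample RSTR and all URIs below are constructed for illustration.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"t": "http://schemas.xmlsoap.org/ws/2005/02/trust",  # assumed WS-Trust version
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}     # SAML 1.x assertion namespace

SAMPLE_RSTR = """\
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1"
        AssertionID="_constructed-id-1" Issuer="https://ap.example.com" IssueInstant="2024-01-01T12:00:00Z">
      <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>https://rp.example.com</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2024-01-01T12:00:00Z">
        <saml:Subject><saml:NameIdentifier>user1</saml:NameIdentifier></saml:Subject>
      </saml:AuthenticationStatement>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

def _ts(value):
    # SAML timestamps are UTC in the form 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_rstr(xml_text, expected_audience, now):
    """Return (subject, problems). Signature verification is not performed here."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("t:RequestedSecurityToken/saml:Assertion", NS)
    if len(assertions) != 1:
        return None, ["expected exactly one SAML assertion in the RSTR"]
    a, problems = assertions[0], []
    if (a.get("MajorVersion"), a.get("MinorVersion")) != ("1", "1"):
        problems.append("assertion is not SAML 1.1")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("missing validity window")
    elif not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        problems.append("outside validity window")
    audiences = [e.text for e in a.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("audience mismatch")
    name = a.find(".//saml:Subject/saml:NameIdentifier", NS)
    return (name.text if name is not None else None), problems
```

These checks only mean something after the assertion's XML signature has been verified against the Account Partner's certificate, which this sketch leaves out.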

You can customize the content of the SAML assertion by configuring the assertion generator plug-in, which lets you tailor the assertion content to your federated environment.

The assertion generator is installed by the Policy Server. After installing the Policy Server, the Account Partner administrator can use the FSS Administrative UI to define and configure affiliates.