

SAML Affiliate Agents

The SAML Affiliate Agent is part of the Federation Security Services solution. Federation Security Services enables businesses to share security information across multiple domains.

Note: Federation Security Services and the SAML Affiliate Agent are packaged as separately-licensed items.

The SAML Affiliate Agent provides seamless single sign-on from a producer site, such as a portal, to a SAML consumer acting as an affiliate in a federated network. The affiliate provides resources and services related to the portal. For example, affiliateA.com and affiliateB.com have an agreement that visitors to affiliateA.com receive a 10% discount for purchases at affiliateB.com. These two sites are affiliates. Using the SAML Affiliate Agent eliminates the need for a user to re-authenticate or provide additional information about themselves.

The communication exchange between a SAML Affiliate Agent and SiteMinder at the producer site results in the generation of a SAML assertion. A SAML assertion is an XML document containing authorization and authentication information about a user. The producer sends this document to the SAML Affiliate Agent at the consumer site. The assertion confirms that a user has been authenticated at the main portal, and the information it contains enables the affiliate to provide user information to a Web server for use with its Web applications.
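The following added example (not SiteMinder code and not from the product documentation) shows the checks a consumer would apply to an assertion before handing its user information to a Web application: expected issuer, validity window, and an authenticated subject. The sample assertion, the issuer URL, the `discountTier` attribute and the function names are constructed for illustration and follow the generic SAML 1.x assertion schema.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
TRUSTED_ISSUER = "https://company.com/producer"  # constructed value, an assumption

# Constructed sample assertion (generic SAML 1.x, not real SiteMinder output).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed1"
    Issuer="https://company.com/producer" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2024-01-01T11:59:00Z">
    <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="discountTier" AttributeNamespace="urn:example:attrs">
      <saml:AttributeValue>10</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    """Parse a UTC xsd:dateTime such as 2024-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def read_assertion(xml_text, now, trusted_issuer=TRUSTED_ISSUER):
    """Return (user, attributes); raise ValueError if the assertion is not acceptable."""
    # Assumes the assertion arrived over a mutually authenticated channel;
    # XML signature verification is not shown here.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in assertions")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 1.x assertion")
    if root.get("Issuer") != trusted_issuer:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not nb or not noa or not (_ts(nb) <= now < _ts(noa)):
        raise ValueError("assertion outside its validity window")
    name = root.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise ValueError("no authenticated subject")
    attrs = {}
    for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("AttributeName")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return name.text.strip(), attrs
```

Because the values returned here drive only personalization, an application should still not use them for access decisions unless the assertion's origin and integrity have been verified.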

If you install a SAML Affiliate Agent at an affiliate site, it is the only SiteMinder component installed at that site. The affiliate site does not require a full installation, because a SAML Affiliate Agent does not protect resources; it only enables personalization.

The following components are required to support Federation Security Services at the producer site:

The following figure shows a federated network with SAML Affiliate Agents.

In the previous figure, the Policy Server is connected to a Web Agent on the company.com Web server. This Agent can pass user information about company.com users to the affiliateA.com and affiliateB.com Web servers using the SAML Affiliate Agents.

The producer site authenticates the user and passes information about the user to the affiliate site. The producer site has a full SiteMinder installation. The affiliate site has only a SAML Affiliate Agent and Web server; there is no Policy Server. The affiliate site does not require a full installation because a SAML Affiliate Agent does not protect resources in the same way as a Web Agent. The SAML Affiliate Agent simply provides user information to a Web server for use with its Web applications. The applications can use the information to personalize Web content and create a unique experience for each user.