Previous Topic: Create SAML Authentication Schemes for the Single Target RealmNext Topic: Configure the Single Target Realm

Federation Security Services GuideConfigure SiteMinder as a SAML 2.0 Service ProviderHow To Protect Resources with a SAML 2.0 Authentication SchemeConfigure a Unique Realm for Each SAML Authentication SchemeCreate the Custom Authentication Scheme

Create the Custom Authentication Scheme

A single target realm relies on a specific custom authentication scheme to work properly.

To configure a custom authentication scheme for a single target realm

  1. Log on to the FSS Administrative UI.
  2. Select the System tab.
  3. Select Edit, System Configuration, Create Authentication Scheme.

    The Authentication Scheme Properties dialog opens.

  4. Complete the fields as follows:

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

    Name

    Enter a descriptive name to indicate this is a custom auth scheme, such as SAML Custom Auth Scheme.

  5. Complete the following field in the Scheme Common Setup section:
    Authentication Scheme Type

    Custom Template

  6. Complete the following fields in the Scheme Setup tab
    Library

    smauthsinglefed

    Secret and Confirm Secret

    Leave this field blank.

    Confirm Secret

    Leave this field blank

    Parameter

    Specify one of the following:

    • SCHEMESET=LIST; <saml-scheme1>;<saml_scheme2>

      Specifies the list of SAML authentication scheme names to use. If you configured an artifact scheme called artifact_producer1 and POST profile scheme called samlpost_producer2, you will enter these schemes. For example:

      SCHEMESET=LIST;artifact_producer1;samlpost_producer2

    • SCHEMESET=SAML_ALL;

      Specifies all the schemes you have configured. The custom authentication scheme will enumerate all the SAML authentication schemes and find the one with the correct Provider Source ID for the request.

    • SCHEMESET=SAML_POST;

      Specifies all the SAML POST Profile schemes you have configured. The custom authentication scheme will enumerate the POST Profile schemes and find the one with the correct Provider Source ID for the request.

    • SCHEMESET=SAML_ART;

      Specifies all the SAML artifact schemes you have configured. The custom authentication scheme will enumerate the artifact schemes and find the one with the correct Provider Source ID for the request.

    Enable this scheme for SiteMinder Administrators

    Leave unchecked.

  7. Click OK to save your changes.