Federation Security Services Guide › Configure SiteMinder as a SAML 2.0 Identity Provider › Configure Identity Provider Discovery at the IdP › Configure Request Processing with a Proxy Server

Configure Request Processing with a Proxy Server

If your federated environment sits behind a proxy server, you must specify a proxy configuration to ensure that SiteMinder finds a match between the URL of a request's message attribute and the local proxy URL. There must be a match for the request to be processed.

When a proxy configuration is set, SiteMinder replaces the <protocol>://<authority> portion of the local URL with the proxy server URL, which results in a match between the two URLs.

To support federated environments that use a proxy server at the IdP

1. Log in to the FSS Administrative UI.
2. Access the SAML Service Provider Properties dialog box for the Service Provider you want to configure.

   The SAML Service Provider Properties dialog opens.

3. Select the Advanced tab.
4. Enter a partial URL for the proxy server, of the form <protocol>://<authority> in the Server field of the Proxy group box.

   For example, the proxy server configuration would be:

   http://proxy.domain.com:9090
   

   If your network includes the SPS federation gateway, the Server field must specify the SPS federation gateway host and port, for example,

   http://sps_gateway_server.ca.com:9090
   

5. Click OK to save your changes.

The value you enter for the Server field affects the URLs for the following services at the IdP:

• Single Sign On Service
• Single Logout Service
• Artifact Resolution Service
• Attribute Service
• Authentication URL – use the proxy server URL. Once authenticated, the user is redirected to the proxy server to get to the Single Sign On Service.

The Server value becomes part of the URL used to verify SAML attributes like the Destination attribute. Essentially, if you are using a proxy server for one URL, you need to use it for all these URLs.