The SAML Service Provider Properties dialog contains the following fields and controls:
Name of the Service Provider. This name should be unique across all affiliate domains.
Optionally, a brief description of the Service Provider.
Protected URL used to authenticate users trying to access Service Provider resources.
When a user who has not logged in at the Identity Provider requests a protected Service Provider resource, the user is sent to the Authentication URL. This URL must point to the redirect.jsp file, for example,
http://myserver.idpA.com/siteminderagent/redirectjsp/redirect.jsp
In this URL, myserver identifies the web server with the Web Agent Option Pack or the SPS federation gateway. The redirect.jsp file is included with the Web Agent Option Pack or SPS federation gateway installed at the Identity Provider site.
Important! You must protect the Authentication URL; however, do this after you add a Service Provider to an affiliate domain because you have to exit the SAML Service Provider Properties dialog.
Enables the Policy Server and Federation Web Services to support authentication of Service Provider resources.
The Use Secure URL feature instructs SiteMinder's Single Sign-on Service to encrypt only the SMPORTALURL query parameter that it appends to the Authentication URL prior to redirecting the user to establish a SiteMinder session. After the user is authenticated, the Authentication URL redirects the user back to the destination specified by the SMPORTALURL query parameter.
Encrypting the SMPORTALURL prevents a malicious user from modifying the value and redirecting authenticated users to a malicious web site instead of the originally requested target.
If you select this checkbox, you must do the following:
http(s)://idp_server:port/affwebservices/secure/secureredirect
If the SiteMinder Producer/Identity Provider/Account Partner serves more than one Consumer/Service Provider/Resource Partner, it probably authenticates different users for these different partners. As a result, for each Authentication URL that uses secureredirect, this web service must be included in a different realm for each partner.
To associate the secureredirect service with different realms, modify the web.xml file to create different resource mappings; you cannot copy the secureredirect web service to different locations on your server. This file is located in the directory web_agent_home/affwebservices/WEB-INF.
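The tampering that Use Secure URL guards against, shown as an added example that is not SiteMinder code. AES-256-GCM stands in for the product's own encryption, which this page does not describe; the key, host names and function names are constructed for illustration.

```javascript
// Added example, not SiteMinder code. AES-256-GCM is an assumed stand-in for
// the product's own SMPORTALURL encryption, which the page does not describe.
const nodeCrypto = require('node:crypto');

// Constructed key, assumed to be shared by the SSO service and the redirect endpoint.
const KEY = nodeCrypto.randomBytes(32);

// Encrypt and authenticate the target. Layout: 12-byte IV | 16-byte tag | ciphertext.
function seal(target) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([cipher.update(target, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// SSO-service side: append SMPORTALURL to the Authentication URL.
function buildAuthRedirect(authUrl, target, secure) {
  const u = new URL(authUrl);
  u.searchParams.set('SMPORTALURL', secure ? seal(target) : target);
  return u.toString();
}

// Authentication-URL side, after login: return the destination, or null to refuse.
function resolveDestination(redirectUrl, secure) {
  const value = new URL(redirectUrl).searchParams.get('SMPORTALURL');
  if (!secure) return value; // plain mode: whatever arrived is followed
  try {
    const raw = Buffer.from(value, 'base64url');
    if (raw.length < 28) return null; // too short to hold IV and tag
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null; // missing value or failed authentication: do not redirect
  }
}

// Simulates the parameter being rewritten before it reaches the endpoint.
function tamper(redirectUrl, newValue) {
  const u = new URL(redirectUrl);
  u.searchParams.set('SMPORTALURL', newValue);
  return u.toString();
}
```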
(Optional) Identifies the protected URL for a custom web application that is used to supply user attributes to the SiteMinder Single Sign-on service. The application can be on any host in your network.
Attributes from the web application specified in this field are made available to the Assertion Generator and then placed in the SAML assertion by an Assertion Generator plug-in. You must write and integrate the plug-in with SiteMinder.
The Federation Web Services application supplies sample web applications that you can use as a basis for your web application. They are:
http://idp_server:port/affwebservices/public/sample_application.jsp
http://idp_server:port/affwebservices/public/unsolicited_application.jsp
In these URLs, idp_server:port identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
The SAML Service Provider dialog also contains the following tabs:
Configures the users or groups of users for the Service Provider. Configured users can be authenticated for access to Service Provider resources; the assertion generator can create SAML assertions that include entitlement information for these users.
Specifies the Name Identifier to be used when corresponding with this Service Provider.
Specifies general information about the Service Provider.
Configures the Single Sign-On (SSO) aspects of a Service Provider.
Configures assertion attribute statements, which define the user attributes, DN attributes, or static data that are passed from the Policy Server to the Service Provider in SAML 2.0 assertions.
Configures the Single Logout (SLO) aspects of the Service Provider.
Configures the Identity Provider Discovery Profile.
Configures XML encryption.
(Optional) Configures an Assertion Generator plug-in.
Copyright © 2011 CA. All rights reserved.