Affiliate Dialog Fields and Controls

The following fields and controls are on the Affiliate dialog:

Name

Defines the name of the consumer. This name should be unique across all affiliate domains.

Description

Defines a brief description for a consumer.

Password

Defines the password that a consumer uses to identify itself to the producer site so it can retrieve an assertion.

Confirm Password

Confirms the password entered in the Password field.

Enabled check box

If set, activates the consumer. This check box must be marked for the Policy Server and Federation Web Services to authenticate users trying to access consumer resources.

Use Secure URL

The Use Secure URL feature instructs SiteMinder's Single Sign-on Service to encrypt only the SMPORTALURL query parameter that it appends to the Authentication URL prior to redirecting the user to establish a SiteMinder session. After the user is authenticated, the Authentication URL redirects the user back to the destination specified by the SMPORTALURL query parameter.

Encrypting the SMPORTALURL prevents a malicious user from modifying the value and redirecting authenticated users to a malicious web site instead of the originally requested target.

If you select this checkbox, you must do the following:

  1. Set the Authentication URL field to the following URL:

    http(s)://idp_server:port/affwebservices/secure/secureredirect

  2. Protect the secureredirect web service with a SiteMinder policy.

    If the SiteMinder Producer/Identity Provider/Account Partner serves more than one Consumer/Service Provider/Resource Partner, it probably authenticates different users for these different partners. As a result, for each Authentication URL that uses secureredirect, this web service must be included in a different realm for each partner.

    To associate the secureredirect service with different realms, modify the web.xml file to create different resource mappings; you cannot copy the secureredirect web service to different locations on your server. This file is located in the directory web_agent_home/affwebservices/WEB-INF.

Allow Notification

If set, SiteMinder provides event notification services for a site where the SAML Affiliate Agent is acting as the consumer. When set, SiteMinder can receive event notifications from the consumer about which affiliate resources a user has accessed.

Note: The Notification service is not supported for a consumer at which the SAML credential collector is acting as the consumer.

Authentication URL

Defines the protected URL used to authenticate users who do not have a session at the producer.

When a user who has not logged in at the producer requests a protected consumer resource, the user is sent to the Authentication URL. This URL must point to the redirect.jsp file, for example:

http://myserver.mysite.com/siteminderagent/redirectjsp/redirect.jsp

myserver

Identifies the web server with the Web Agent Option Pack or the SPS federation gateway. This redirect.jsp file is included with the Web Agent Option Pack and with the SPS federation gateway.

Important! You must create a policy to protect the Authentication URL.
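
The following Python audit is an added example, not SiteMinder code. It checks a list of affiliate settings against the rules above for the Use Secure URL and Authentication URL fields. The record layout and field names (name, use_secure_url, auth_url) are hypothetical, the sample records and the host idp.example.com are constructed, and flagging two partners that share one secureredirect path is an assumption drawn from the per-partner realm requirement.

```python
from urllib.parse import urlsplit

# Constructed sample records; the field names are hypothetical and do not
# correspond to any SiteMinder export format.
SAMPLE_AFFILIATES = [
    {"name": "partnerA", "use_secure_url": True,
     "auth_url": "https://idp.example.com/affwebservices/secure/secureredirect"},
    {"name": "partnerB", "use_secure_url": True,
     "auth_url": "https://idp.example.com/affwebservices/secure/secureredirect"},
    {"name": "partnerC", "use_secure_url": False,
     "auth_url": "http://myserver.mysite.com/siteminderagent/redirectjsp/redirect.jsp"},
    {"name": "partnerD", "use_secure_url": True,
     "auth_url": "http://myserver.mysite.com/siteminderagent/redirectjsp/redirect.jsp"},
]

def audit_affiliates(affiliates):
    """Return a sorted list of (affiliate name, finding) tuples."""
    findings = []
    seen = {}  # (host, secureredirect path) -> first affiliate that uses it
    for aff in affiliates:
        name, url = aff["name"], urlsplit(aff["auth_url"])
        path = url.path.rstrip("/")
        if url.scheme not in ("http", "https") or not url.netloc:
            findings.append((name, "Authentication URL is not an absolute http(s) URL"))
        elif aff["use_secure_url"]:
            # With Use Secure URL set, the URL must be the secureredirect service.
            if not (path.startswith("/affwebservices/")
                    and path.endswith("/secureredirect")):
                findings.append((name, "Use Secure URL is set but the "
                                       "Authentication URL is not secureredirect"))
                continue
            # Assumption: a separate realm per partner needs a separate
            # web.xml resource mapping, so a shared path is worth review.
            key = (url.netloc.lower(), path)
            if key in seen:
                findings.append((name, "shares its secureredirect mapping with "
                                       + seen[key]))
            else:
                seen[key] = name
        elif not path.endswith("/redirect.jsp"):
            findings.append((name, "Authentication URL does not point to redirect.jsp"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_affiliates(SAMPLE_AFFILIATES):
        print(f"{name}: {finding}")
```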

The Affiliates dialog also contains the following tabs:

Users tab

Lists the users or groups of users for the consumer. Users included in a consumer can be authenticated for access to consumer resources, and the assertion generator can create SAML assertions that include attribute information for the users.

Assertions tab

Specifies the audience, validity duration, and skew time of a SAML assertion generated by the SAML assertion generator.

Session tab

Enables the sharing of session information between the producer and the consumer.

Attributes tab

Configures consumer attributes, which pass user attributes, DN attributes, or static data from the Policy Server to the consumer in an assertion.

IP addresses tab

Configures IP addresses, ranges of IP addresses, or subnet masks that users must use in order to access a consumer site. If IP addresses have been specified for a consumer, only users who access the consumer site from the appropriate IP addresses will be accepted by the consumer site as producer users.

Time tab

Sets time restrictions for a consumer. When you add a time restriction, the consumer only functions during the period specified in the time restriction. If a user attempts to access a consumer resource outside of the period specified by the time restriction, the consumer does not produce SAML assertions.

Advanced tab

Optionally, configures a plug-in to customize the content of the SAML assertion generated by the Assertion Generator.

More Information:

Protect the Authentication URL to Create a SiteMinder Session (SAML 1.x)