Federation › Federation Security Services Guide › Authenticate SAML 1.x Users at a Consumer › How To Protect a Resource with a SAML 1.x Authentication Scheme › How To Assign a SAML 1.x Authentication Scheme to a Realm › Configure a Single Target Realm for All SAML 1.x Auth. Schemes

Configure a Single Target Realm for All SAML 1.x Auth. Schemes

To simplify configuration of realms for SAML authentication schemes, you can create a single target realm for multiple producers.

To do this, set-up:

• A single custom authentication scheme

  You should have already configured SAML artifact and/or SAML POST profile authentication schemes for each producer.

• A single realm with one target URL

To configure a custom authentication scheme for the single realm:

1. Log into the Policy Server User Interface.
2. From the menu bar, select Edit, System Configuration, Create Authentication Scheme.

   The Authentication Scheme Properties dialog box opens.

3. From the Authentication Scheme Type drop-down list, select Custom Template. The contents of the dialog box change for the custom template.

   

4. In the Library field, enter smauthsinglefed for the library name.
5. Disregard the Secret and Confirm Secret fields.
6. In the Parameter field, specify one of the following:
   • SCHEMESET=LIST; <saml-scheme1>;<saml_scheme2>

     Specifies the list of SAML authentication scheme names to use. If you configured an artifact scheme called artifact_producer1 and POST profile scheme called samlpost_producer2, you will enter these schemes.

   • SCHEMESET=SAML_ALL;

     Specifies all the schemes you have configured. The custom authentication scheme will enumerate all the SAML authentication schemes and find the one with the correct Provider Source ID for the request.

   • SCHEMESET=SAML_POST;

     Specifies all the SAML POST Profile schemes you have configured. The custom authentication scheme will enumerate the POST Profile schemes and find the one with the correct Provider Source ID for the request.

   • SCHEMESET=SAML_ART;

     Specifies all the SAML artifact schemes you have configured. The custom authentication scheme will enumerate the artifact schemes and find the one with the correct Provider Source ID for the request.

7. Disregard the Enable this scheme for SiteMinder Administrators checkbox.
8. Click OK to save your changes.

To create the single target realm:

1. Display the list of policy domains.
2. Expand the policy domain where you will add the realm.
3. Click on the realm icon.
4. From the menu bar, select Edit, Create Realm.

   The SiteMinder Realm dialog box opens.

5. In the Name field, enter a name for this custom target realm.
6. In the Agent field, select a SiteMinder Web Agent protecting the Web server with the target consumer resource.
7. In the Resource Filter field, specify the location of the target resource to which any user from any producer site should be redirected.

   For example, /FederatedUsers.

8. From the Authentication Scheme drop-down list, select the custom authentication scheme that you configured for directing requests to the appropriate SAML authentication schemes.
9. Ensure Protected is selected in the Default Resource Protected group box.
10. Click OK to save the realm configuration.

The following graphic shows the Realm Properties dialog for the custom realm.