The Resource Partner Properties dialog contains the following fields and controls:
Name of the Resource Partner. This name should be unique across all affiliate domains.
(Optional) a brief description of the Resource Partner.
Defines the protected URL used for authentication when a user tries to access a Resource Partner resource but does not have a SiteMinder session. When a user who has not logged in at the Account Partner requests a protected Resource Partner resource, the user is sent to the Authentication URL. This URL must point to the redirect.jsp file. For example:
http://myserver.mysite.com/siteminderagent/redirectjsp/redirect.jsp
Identifies the web server with the Web Agent Option Pack or the SPS federation gateway.
Important! You must create a policy to protect the Authentication URL; however, do this after you add a Resource Partner to an affiliate domain because you have to exit the Resource Partner Properties dialog.
This check box must be marked for the Policy Server and Federation Web Services to support authentication of Resource Partner resources.
The Use Secure URL feature instructs SiteMinder's Single Sign-on Service to encrypt only the SMPORTALURL query parameter that it appends to the Authentication URL prior to redirecting the user to establish a SiteMinder session. After the user is authenticated, the Authentication URL redirects the user back to the destination specified by the SMPORTALURL query parameter.
Encrypting the SMPORTALURL prevents a malicious user from modifying the value and redirecting authenticated users to a malicious web site instead of the originally requested target.
If you select this checkbox, you must do the following:
http(s)://idp_server:port/affwebservices/secure/secureredirect
If the SiteMinder Producer/Identity Provider/Account Partner serves more than one Consumer/Service Provider/Resource Partner, it probably authenticates different users for these different partners. As a result, for each Authentication URL that uses secureredirect, this web service must be included in a different realm for each partner.
To associate the secureredirect service with different realms, modify the web.xml file to create different resource mappings; you cannot copy the secureredirect web service to different locations on your server. This file is located in the directory web_agent_home/affwebservices/WEB-INF.
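The tamper resistance that Use Secure URL gives the SMPORTALURL parameter can be illustrated with the following added example, which is not SiteMinder code. It substitutes an HMAC-SHA256 tag for SiteMinder's encryption (whose format this topic does not describe), so it shows only the integrity property; the key, host names, and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values for this illustration.
KEY = b"constructed-demo-key"
AUTH_URL = "https://idp.example.com/affwebservices/secure/secureredirect"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def protect(target: str) -> str:
    """Bind the target to a keyed tag: b64(target) + '.' + b64(tag)."""
    tag = hmac.new(KEY, target.encode(), hashlib.sha256).digest()
    return b64(target.encode()) + "." + b64(tag)


def redirect_with(value: str) -> str:
    """Append a SMPORTALURL value to the Authentication URL."""
    return AUTH_URL + "?" + urlencode({"SMPORTALURL": value})


def resolve(redirect_url: str):
    """Return the post-login target, or None if the value fails verification."""
    values = parse_qs(urlparse(redirect_url).query).get("SMPORTALURL", [])
    if len(values) != 1 or values[0].count(".") != 1:
        return None  # missing, duplicated, or not in the protected format
    enc_target, enc_tag = values[0].split(".")
    try:
        target = base64.urlsafe_b64decode(enc_target)
        tag = base64.urlsafe_b64decode(enc_tag)
    except ValueError:
        return None
    expected = hmac.new(KEY, target, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # value was modified after it was issued: fail closed
    return target.decode()


if __name__ == "__main__":
    issued = redirect_with(protect("https://rp.example.com/app/home"))
    print(resolve(issued))  # unmodified value resolves to the original target
    # A plain, unprotected URL in the parameter is rejected rather than followed.
    print(resolve(redirect_with("https://other.example.net/")))
```

A value whose target has been swapped while the original tag is kept fails verification, so the user is never redirected to the substituted destination.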
(Optional) Protected URL for a custom web application that is used to supply user attributes to the SiteMinder Single Sign-on service. The application can be on any host in your network.
Attributes from the web application specified in this field are made available to the Assertion Generator and then placed in the SAML assertion by an Assertion Generator plug-in. You must write and integrate the plug-in with SiteMinder.
The FWS application supplies sample web applications that you can use as a basis for your web application. These applications are located as follows:
http://ap_server:port/affwebservices/public/sample_application.jsp
http://ap_server:port/affwebservices/public/unsolicited_application.jsp
Specifies the server and port number of the system at the Account Partner that is hosting the Web Agent Option Pack or the SPS federation gateway, depending on which component is installed in your federation network.
The Resource Partner Properties dialog also contains the following tabs:
Configures the users or groups of users that can be authenticated for access to Resource Partner resources; the assertion generator can create SAML assertions that include information about these users.
Specifies the Name Identifier to be used when corresponding with this Resource Partner.
Specifies general information about the Resource Partner.
Configures the Single Sign-On (SSO) profile of a Resource Partner.
Configures assertion attribute statements, which define the user attributes, DN attributes, or static data that are passed from the Account Partner to the Resource Partner in assertions.
Configures the WS-federation signout feature.
(Optional) Configures an Assertion Generator plug-in.
Copyright © 2011 CA. All rights reserved.