For the SAML Affiliate Agent to get information about a user requesting a resource, the Agent must retrieve the SAML assertion stored at the producer.
When a user requests a protected consumer resource, that user is sent to the producer to be authenticated. After the user is authenticated, the producer redirects the user to the SSLInterceptorURL at the consumer. This redirection includes the SAML artifact and the protected URL at the consumer that the user tried to access. This artifact references the actual assertion stored in the session server at the producer, and it enables the SAML Affiliate Agent to retrieve the correct assertion.
To retrieve the assertion, the SAML Affiliate Agent intercepts the redirected request from the producer, and calls the assertion service at the producer over a back channel. It then retrieves the SAML assertion.
The GetAssertionService element defines the URL at the producer where the Affiliate Agent retrieves the SAML assertion.
To specify the assertion service, enter the URL of its location at the producer. The URL must use an SSL connection. For example:
<GetAssertionService>https://secure.producer.domain.com:81/affwebservices/assertionretriever</GetAssertionService>
Note: The affwebservices/assertionretriever portion of the assertion service URL is the default installation directory of the Federation Web Services application, which is installed with the Web Agent Option Pack for the producer-side Web Agent. If you install the Option Pack in a non-default location, be sure the correct location is reflected in this URL.
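The following added example (not part of the product or its documentation) checks a configuration fragment for the two conditions described above: the GetAssertionService URL uses SSL, and its path matches the default Federation Web Services location. The AgentConfig wrapper element, the host names, and the function name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Default Federation Web Services path, taken from the note above.
DEFAULT_PATH = "/affwebservices/assertionretriever"

def check_get_assertion_service(xml_text):
    """Return (severity, message) findings for every GetAssertionService element."""
    root = ET.fromstring(xml_text)
    # Compare local names so a namespaced configuration is matched too.
    elems = [e for e in root.iter()
             if e.tag.rsplit("}", 1)[-1] == "GetAssertionService"]
    if not elems:
        return [("error", "no GetAssertionService element found")]
    findings = []
    for elem in elems:
        url = (elem.text or "").strip()
        parts = urlsplit(url)
        # The assertion travels over this back channel, so it must be SSL.
        if parts.scheme.lower() != "https":
            findings.append(("error", f"{url!r}: back channel does not use SSL"))
        if not parts.hostname:
            findings.append(("error", f"{url!r}: no producer host in URL"))
        if parts.username or parts.password:
            findings.append(("error", f"{url!r}: credentials embedded in URL"))
        # A different path is valid only for a non-default Option Pack install.
        if parts.path.rstrip("/") != DEFAULT_PATH:
            findings.append(("warning", f"{url!r}: path differs from {DEFAULT_PATH}; "
                             "confirm it matches the Option Pack install location"))
    return findings

# Constructed sample fragments; wrapper element and hosts are hypothetical.
_WRAP = "<AgentConfig><GetAssertionService>{}</GetAssertionService></AgentConfig>"
SAMPLES = {
    "ok": _WRAP.format("https://producer.example.com" + DEFAULT_PATH),
    "plain_http": _WRAP.format("http://producer.example.com" + DEFAULT_PATH),
    "custom_path": _WRAP.format("https://producer.example.com/fws/assertionretriever"),
    "empty": "<AgentConfig><GetAssertionService/></AgentConfig>",
    "missing": "<AgentConfig/>",
}

if __name__ == "__main__":
    for name, fragment in SAMPLES.items():
        print(name, check_get_assertion_service(fragment))
```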
Copyright © 2011 CA. All rights reserved.