Return Users to the Affiliate after Obtaining a SAML Artifact

When a user visits a consumer and requests a protected consumer resource, they are redirected to the producer. The redirect URL contains the SSLInterceptorURL, which the SAML Affiliate Agent adds as a query parameter. At the producer site, the producer adds a SAML artifact as an additional query parameter, then sends the user back to the SSLInterceptorURL at the consumer. Using SSL ensures that the artifact is not sent in clear text.

No content should be bound to the SSLInterceptorURL because the request is never passed to the Web server. Instead, the SAML Affiliate Agent examines the URL, extracts the information in the query parameters, and processes the request. The request will fail if the query parameters on the URL are invalid.

Note: We strongly recommend that the URL be sent over an SSL connection to ensure that the SAML artifact is not sent in clear text.

To specify the SSLInterceptorURL, enter a valid URL on the consumer Web server to which the producer will redirect users, for example:

<SSLInterceptorURL>https://interceptor.domain.com:90/affiliateagent/afftsite/test1.htm</SSLInterceptorURL>

Important! You must specify a port number for this parameter.
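
The following check is an added example, not part of the product documentation: it lints SSLInterceptorURL values against the requirements stated above (a valid URL, an explicit port number, and SSL). The AffiliateConfig wrapper element and the sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample; the <AffiliateConfig> wrapper element is an assumption.
SAMPLE_CONFIG = """<AffiliateConfig>
  <SSLInterceptorURL>https://interceptor.domain.com:90/affiliateagent/
afftsite/test1.htm</SSLInterceptorURL>
  <SSLInterceptorURL>http://interceptor.domain.com/affiliateagent/x.htm</SSLInterceptorURL>
</AffiliateConfig>"""

def check_interceptor_url(raw):
    """Return (errors, warnings) for one SSLInterceptorURL value."""
    errors, warnings = [], []
    stripped = (raw or "").strip()
    url = re.sub(r"\s+", "", stripped)   # rejoin values wrapped across lines
    if url != stripped:
        warnings.append("value contains embedded whitespace or line breaks")
    try:
        parts = urlsplit(url)
        port = parts.port                # raises ValueError on a malformed port
    except ValueError:
        return errors + ["malformed URL or port"], warnings
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return errors + ["not an absolute http(s) URL"], warnings
    if port is None:
        errors.append("no explicit port number")
    if parts.scheme != "https":
        warnings.append("not https: the SAML artifact would be sent in clear text")
    return errors, warnings

def lint_config(xml_text):
    """Check every SSLInterceptorURL element found in the XML text."""
    root = ET.fromstring(xml_text)
    return [check_interceptor_url(el.text) for el in root.iter("SSLInterceptorURL")]

if __name__ == "__main__":
    for errors, warnings in lint_config(SAMPLE_CONFIG):
        print("errors:", errors, "warnings:", warnings)
```

Errors correspond to the requirements marked as mandatory above; the missing-SSL finding is reported as a warning because the text recommends SSL rather than requiring it.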