|
|
|
SiteMinder can issue SAML assertions. An assertion is a collection of authentication and authorization data that is passed from the producer to the SAML Affiliate Agent, which uses it to further validate client requests. SAML assertions let companies share user identities and authorization privileges securely.
Note: For information about SAML specifications and background documentation, go to the Organization for the Advancement of Structured Information Standards (OASIS).
When the user attempts to access a resource at a consumer site, the SAML Affiliate Agent redirects them to the producer for authentication. If the user authenticates successfully, the producer generates a SAML artifact. The artifact is returned to the consumer, and the SAML Affiliate Agent uses it to pull the actual assertion document from the producer.
The assertion document holds the entitlement and session information. The SAML Affiliate Agent uses this information to issue local session and profile cookies that permit access to the requested resource. If access is permitted, the user’s browser is directed to the target resource. If access is denied, the user’s browser is redirected to the URL specified by the NoAccessURL attribute in the SAML Affiliate Agent’s configuration file. The NoAccessURL overrides any web server-standard "No Access Allowed" message.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |