Agent Guides › SAML Affiliate Agent Guide › Configure Affiliate Settings › Communication Across a SiteMinder Federated Network › Determine How the Consumer Authenticates to the Producer

Determine How the Consumer Authenticates to the Producer

The AuthenticationScheme element determines how the consumer authenticates itself to the producer-side Web server that has Federation Web Services installed. The communication between the Affiliate Server component of the SAML Affiliate Agent can occur over an HTTP or SSL connection.

Important! The SAML Affiliate Agent is not compatible with the FIPS 140-2 encryption standards.

Specify one of the following for the AuthenticationScheme element.

• Basic— In this mode, the Affiliate Server communicates with the Federation Web Services application over an SSL back-channel connection. This is the default mode. For example:

  <AuthenticationScheme>Basic</AuthenticationScheme>

• Basic_Unsecure—In this mode, the Affiliate Server communicates with the Federation Web Services application over an HTTP connection. You might choose Basic_Unsecure if, for example, your producer and consumer sites are operating in a secure virtual private network (VPN). For example:

  <AuthenticationScheme>Basic_Unsecure</AuthenticationScheme>

A mix of SSL and non-SSL connections with Federation Web Services is not allowed. If you use Basic for the AuthenticationScheme element, all connections should be secure (SSL); however, if you choose Basic_Unsecure, all connections should be HTTP connections (non-SSL).

Note: If you change the AuthenticationScheme element, re-start the Affiliate Server (Smaffdaemon for UNIX or Affiliate Minder Service for Windows) and restart the Web server.