The Assertions tab is where you define the SAML assertion generated by the Assertion Generator. The dialog contains the following fields:
Specifies the SAML profile used for sending an assertion. The options are:
The artifact is a 42-byte, hex-encoded ID that references an assertion stored in the session server on the producer-side Policy Server. An artifact lets a consumer retrieve an assertion document from a producer.
The POST profile embeds a SAML response with the assertion in an HTML form. The form is posted by the user’s browser at the destination consumer site. SAML POST profile is only supported for SAML version 1.1.
Specifies the version of the SAML protocol in use. The choices are SAML 1.0 and 1.1. SAML artifact can support either version. SAML POST can only support SAML 1.1.
(Required for SAML POST binding, optional for SAML Artifact binding)
Specifies the destination site URL to which the user’s browser must send a generated assertion. The default URL varies depending on the SAML binding and whether SiteMinder or the SAML Affiliate Agent is at the consumer site.
https://consumer_server:port/affwebservices/public/samlcc
https://consumer_server:port/affagent/affiliatesite/test1.htm
consumer_server:port
Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
Note: For SAML 1.x artifact binding, the value of the Assertion Consumer URL field takes precedence over the value of the SMCONSUMERURL query parameter, which must be part of the intersite transfer URL that a user selects to initiate single sign-on.
Defines the URL of the document that describes the terms and conditions of the agreement between the producer and the consumer. This value is included in the assertion passed to the consumer and may be used for validation purposes. Also, the consumer may parse the actual audience document to obtain relevant information.
If the SAML Affiliate Agent is the consumer, the value entered here must match the value entered for the Assertion Audience setting in the AffiliateConfig.xml file, the configuration file for the SAML Affiliate Agent. For any other SAML consumer, the value entered must match that of the Audience field configured for the SAML authentication scheme.
Defines the amount of time, in seconds, that the assertion is valid. If the consumer does not receive the assertion within the assertion’s validity window, the consumer considers the assertion invalid.
Defines the difference, in seconds, between the system clock time of the producer and the system clock time of the consumer. The skew time is added to the validity duration.
Note: Times are relative to GMT.
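The validity window and audience rules described above, as an added example (not CA's code): a consumer-side check over a constructed, unsigned SAML 1.1 assertion. It assumes the window opens at issue time and closes at issue time plus validity duration plus skew time; the function names, issuer, and audience URL are hypothetical, and signature verification is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.0/1.1 assertion namespace
FMT = "%Y-%m-%dT%H:%M:%SZ"                      # timestamps are UTC (GMT)

def build_assertion(issued, validity_s, skew_s, audience):
    """Constructed, unsigned sample. Assumption: window = validity + skew."""
    expires = issued + timedelta(seconds=validity_s + skew_s)
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" '
        'MajorVersion="1" MinorVersion="1" AssertionID="_constructed" '
        f'Issuer="producer.example.com" IssueInstant="{issued.strftime(FMT)}">'
        f'<Conditions NotBefore="{issued.strftime(FMT)}" '
        f'NotOnOrAfter="{expires.strftime(FMT)}">'
        f'<AudienceRestrictionCondition><Audience>{audience}</Audience>'
        '</AudienceRestrictionCondition></Conditions></Assertion>'
    )

def check_conditions(xml_text, expected_audience, now):
    """Consumer-side checks on Conditions; returns (accepted, reason)."""
    cond = ET.fromstring(xml_text).find(NS + "Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return False, "missing validity window"
    start, end = (datetime.strptime(cond.get(k), FMT).replace(tzinfo=timezone.utc)
                  for k in ("NotBefore", "NotOnOrAfter"))
    if now < start:
        return False, "not yet valid"
    if now >= end:  # NotOnOrAfter is exclusive
        return False, "expired"
    audiences = [a.text.strip() for a in cond.iter(NS + "Audience") if a.text]
    if expected_audience not in audiences:  # exact string match, no normalization
        return False, "audience mismatch"
    return True, "ok"

if __name__ == "__main__":
    aud = "https://consumer.example.com/audience"  # hypothetical audience URL
    issued = datetime(2011, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    doc = build_assertion(issued, validity_s=60, skew_s=30, audience=aud)
    for offset in (0, 75, 90):  # seconds after issue
        print(offset, check_conditions(doc, aud, issued + timedelta(seconds=offset)))
```

With a 60-second validity duration and 30-second skew, an assertion arriving 75 seconds after issue is still accepted; with no skew it is rejected as expired.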
Enables the producer to digitally sign the assertion with its private key. Signing adds a level of security to the assertion beyond passing the assertion response across a secure back-channel.
(Optional) Specifies the alias associated with a specific private key in the SiteMinder key database. By completing this field, you are indicating which private key the Producer should use to sign assertions or assertion responses.
Note: It is recommended that the private key already be stored in the key database before you specify its associated alias in this field.
Limits: an alphanumeric character string
Copyright © 2011 CA. All rights reserved.