The Scheme Setup tab for WS-Federation authentication is where you specify how the Resource Partner communicates with the Account Partner to retrieve the assertion, authenticate a user based on that assertion, then direct the user to the target resource.
The fields in the dialog box are as follows:
Specifies a URI that uniquely identifies the Resource Partner.
Note: The value that you enter must match the value of the ID specified for the corresponding Resource Partner object that you establish at the Account Partner.
Specifies a URI that uniquely identifies the Account Partner from which assertions for this Resource Partner are issued.
The Resource Partner will accept assertions only from this Account Partner.
Note: The value that you enter for the issuer must match the value of the Account Partner ID configured at the Account Partner site.
Determines the number of seconds (as a positive integer) to be subtracted from the current time to account for Resource Partners whose clocks are not synchronized with the Policy Server acting as an Account Partner.
D-Sig Verification Group Box
Contains fields and controls that allow you to specify signature verification information.
Disables all signature processing, that is, signing and verification of signatures, for this Resource Partner.
Caution: Signature processing must be enabled in a production environment. Set the Disable Signature Processing option only for debugging.
Specifies a unique string of alphanumeric characters only. The string locates, in the Resource Partner's smkeydatabase, the certificate used to verify the digital signature of the assertion. This certificate is associated with the private key stored at the Account Partner. An alias entry is required for signature verification.
Opens the WS-Fed Auth Scheme Properties dialog. From this dialog, you can specify additional configuration details for the authentication scheme.
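The constraints described above can be checked before a scheme goes live. The following is an added example, not CA code: it audits one Resource Partner scheme against the values held at the Account Partner. All dictionary keys and sample values are hypothetical, and the IDs are assumed to be compared as exact strings.

```python
import re

# Constructed sample values; every dictionary key is a hypothetical name.
AP_SITE = {
    "account_partner_id": "https://ap.example.com/wsfed",
    "resource_partner_object_id": "https://rp.example.com/wsfed",
}
RP_OK = {
    "resource_partner_id": "https://rp.example.com/wsfed",
    "account_partner_id": "https://ap.example.com/wsfed",
    "skew_seconds": 30,
    "disable_signature_processing": False,
    "alias": "apsigning1",
}
RP_BAD = {
    "resource_partner_id": "https://rp.example.com/wsfed/",  # trailing slash
    "account_partner_id": "https://ap.example.com/wsfed",
    "skew_seconds": 0,
    "disable_signature_processing": False,
    "alias": "ap-signing",  # hyphen is not alphanumeric
}

def audit_scheme(rp, ap):
    """Return findings for one Resource Partner scheme against its Account Partner."""
    findings = []
    # Assumption: IDs are compared as exact strings, so a trailing slash differs.
    if rp.get("resource_partner_id") != ap.get("resource_partner_object_id"):
        findings.append("resource-partner-id-mismatch")
    if rp.get("account_partner_id") != ap.get("account_partner_id"):
        findings.append("account-partner-id-mismatch")
    skew = rp.get("skew_seconds")
    if isinstance(skew, bool) or not isinstance(skew, int) or skew <= 0:
        findings.append("skew-not-positive-integer")
    if rp.get("disable_signature_processing"):
        # Debugging-only setting: no signature verification takes place.
        findings.append("signature-processing-disabled")
    else:
        alias = rp.get("alias") or ""
        if not alias:
            findings.append("alias-missing")
        elif not re.fullmatch(r"[A-Za-z0-9]+", alias):
            findings.append("alias-not-alphanumeric")
    return findings

if __name__ == "__main__":
    for name, rp in (("ok", RP_OK), ("bad", RP_BAD)):
        print(name, audit_scheme(rp, AP_SITE))
```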
Copyright © 2011 CA. All rights reserved.