The SSO tab is where you configure Single Sign-On (SSO) information for the WS-Federation Resource Partner.
Specifies the URI for the AuthenticationMethod attribute placed in the SAML assertion. Specify an authentication method as dictated by the SAML specification, one that is appropriate for the Authentication Level specified for the Resource Partner.
For example, if the authentication level is certificate plus basic, the default Authentication Level is 15. The default value is Password. For this default value, the URI in the assertion would be:
urn:oasis:names:tc:SAML:1.0:am:classes:password.
Specifies a number of seconds (a positive integer) for which a generated assertion is valid. The default is 60 seconds.
In a test environment, you may want to increase the Validity Duration value above 60, the default, if you see the following message in the Policy Server trace log:
Assertion rejected (_b6717b8c00a5c32838208078738c05ce6237) -current time (Fri Sep 09 17:28:33 EDT 2006) is after SessionNotOnOrAfter time (Fri Sep 09 17:28:20 EDT 2006)
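The following Python sketch is an added example, not part of the CA documentation or the SiteMinder product. It parses the rejection line quoted above and reports how many seconds late the assertion arrived, which shows whether a modest Validity Duration increase would have covered the gap. The function names are hypothetical, and `min_validity` assumes SessionNotOnOrAfter is the issue time plus the Validity Duration.

```python
import re
from datetime import datetime

# Constructed sample input: the trace log line quoted on this page.
SAMPLE = ("Assertion rejected (_b6717b8c00a5c32838208078738c05ce6237) "
          "-current time (Fri Sep 09 17:28:33 EDT 2006) is after "
          "SessionNotOnOrAfter time (Fri Sep 09 17:28:20 EDT 2006)")

REJECT_RE = re.compile(
    r"Assertion rejected \((?P<id>[^)]+)\)\s*-\s*current time \((?P<now>[^)]+)\)"
    r" is after SessionNotOnOrAfter time \((?P<limit>[^)]+)\)")

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def _parse_stamp(stamp):
    """Parse 'Fri Sep 09 17:28:33 EDT 2006' into (naive datetime, zone name)."""
    _weekday, mon, day, clock, zone, year = stamp.split()
    hour, minute, second = (int(part) for part in clock.split(":"))
    when = datetime(int(year), MONTHS.index(mon) + 1, int(day), hour, minute, second)
    return when, zone

def overshoot(line):
    """Return (assertion_id, seconds past SessionNotOnOrAfter), or None if no match."""
    match = REJECT_RE.search(line)
    if match is None:
        return None
    now, zone_now = _parse_stamp(match["now"])
    limit, zone_limit = _parse_stamp(match["limit"])
    if zone_now != zone_limit:
        # Naive subtraction is only valid when both stamps share a zone.
        raise ValueError("timestamps use different time zones")
    return match["id"], int((now - limit).total_seconds())

def min_validity(line, configured=60):
    """Smallest Validity Duration (seconds) that would have accepted the assertion.

    Assumption: SessionNotOnOrAfter = issue time + Validity Duration, and the
    check passes only while the current time is strictly before that limit.
    """
    result = overshoot(line)
    if result is None:
        return None
    _assertion_id, late = result
    return configured + late + 1

if __name__ == "__main__":
    print(overshoot(SAMPLE), min_validity(SAMPLE))
```

An overshoot of minutes or hours rather than seconds points at unsynchronized clocks between the two partners, which a longer validity window would only mask.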
Specifies the URL of the service at the Resource Partner that receives security token response messages and extracts the assertion. The default location for the SiteMinder service is:
https://rp_server:port/affwebservices/public/wsfeddispatcher
Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or SPS federation gateway. These components provide the Federation Web Services application.
Note: The WSFedDispatcher Service receives all incoming WS-Federation messages and forwards the request processing to the appropriate service based on the query parameter data. Although there is a wsfedsecuritytokenconsumer service, the wsfeddispatcher service is recommended for the entry in this field.
Specifies the minimum level at which the user must have authenticated to gain access to a SiteMinder realm. If the user has authenticated at this level, the Account Partner will generate an assertion for the user. If the user is not authenticated at this level, they are redirected to the Authentication URL to authenticate at this level.
Note: The user must have authenticated at this level or greater.
Opens the Restrictions dialog from where you can configure IP address and time restrictions on the assertion generation policy.
Copyright © 2011 CA. All rights reserved.