Use Higher Protection Level Auth Scheme for New Federated Partnership

Article ID: 209227

Products

CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder), SITEMINDER

Issue/Introduction

We are looking at implementing a new SAML 2.0 integration, but we'd like to use a different auth scheme for this new IDP Partnership that requires a higher protect level. Currently, all of our SAML partnerships are on the same web host under /affwebservices/*. I have thought that we could stand up a new Web host that points to the same Federation App servers, since that would let us create a new protect realm for that, but before I go about getting that set up I wanted to see if there are any other potential solutions we could use to split out a new SAML 2.0 partnership to use a different Auth Scheme with higher protect level.

Environment

Release : ALL

Component : SITEMINDER FEDERATION

Resolution

A Minimum Authentication Level can be specified in the IDP Partnership (on the SSO and SLO page). The Authentication URL for this partnership must then be protected by a Realm whose authentication scheme has a protection level at or above that minimum.

Additional Information

If needed, a copy of redirect.jsp (the Authentication URL) can be made in the same folder to serve as the Authentication URL for the higher protection level.