Federation Web Services URLs Used by the Product

Federation Services URLs
The Federation Web Services application contains many services that implement legacy federation. When you configure single sign-on, single logout, or the identity provider discovery profile through the Administrative UI, you must specify URLs that reference the different services.
The following service descriptions include:
  • A brief description of the service
  • The URL for the service
  • The field in the Administrative UI where you enter the URL
  • Associated servlet and servlet mapping in the Web.xml file
The Web.xml file is one of the deployment descriptors for the Federation Web Services application. This file lists servlets and URL mappings.
URLs for Services at the Asserting Party
The following services are provided at the asserting party (Producer/Identity Provider/Account Partner); however, you enter the service URL at the relying party (Consumer/Service Provider/Resource Partner).
The Federation Web Services application supplies the following services:
 
Intersite Transfer Service URL (SAML 1.x)
For SAML 1.x POST and artifact profiles, the intersite transfer URL is a producer-side component that transfers a user from the producer to the consumer.
  • Default URL for this Service
    http://producer_server:port/affwebservices/public/intersitetransfer
    • producer_server:port
      Identifies the web server and port number of the system at the producer hosting the Web Agent Option Pack or the CA Access Gateway.
  • Intersite Transfer URL
    Include the URL in a hard-coded link on a page at the producer.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>intersiteTransferService</servlet-name>
      <display-name>Intersite Transfer Service</display-name>
      <description>This servlet acts as the Intersite Transfer URL.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.IntersiteTransferService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>intersiteTransferService</servlet-name>
      <url-pattern>/public/intersitetransfer/*</url-pattern>
    </servlet-mapping>
Assertion Retrieval Service URL (SAML 1.x)
The Assertion Retrieval Service retrieves an assertion for a SAML 1.x consumer site.
  • Default URLs for this Service
    • For Basic or Basic over SSL to protect this service, the URL is:
      https://producer_server:port/affwebservices/assertionretriever
    • For client certificate authentication to protect this service, the URL is:
      https://producer_server:port/affwebservices/certassertionretriever
    • producer_server:port
      Identifies the web server and port number of the system at the producer hosting the Web Agent Option Pack or the CA Access Gateway.
  • Assertion Retrieval URL
    Specified in the Assertion Retrieval URL field. This field is in the Scheme Setup section of the SAML 1.x authentication scheme page.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>assertionretriever</servlet-name>
      <display-name>SAML Assertion Retrieval servlet</display-name>
      <description>This servlet processes the HTTP post based SAML requests and returns the SAML Response elements. Both SAML Request and Response elements are SOAP encoded.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.AssertionRetriever</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>assertionretriever</servlet-name>
      <url-pattern>/assertionretriever/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>assertionretriever</servlet-name>
      <url-pattern>/certassertionretriever/*</url-pattern>
    </servlet-mapping>
Artifact Resolution Service URL (SAML 2.0)
The Artifact Resolution Service retrieves SAML 2.0 assertions for a Service Provider.
  • Default URL for this Service
    • For Basic authentication to protect this service, the URL is:
      http://idp_server:port/affwebservices/saml2artifactresolution
    • For Basic over SSL or X.509 client certificate authentication to protect this service, the URL is:
      https://idp_server:port/affwebservices/saml2certartifactresolution
  • idp_server:port
    Identifies the web server and port hosting the Web Agent Option Pack or CA Access Gateway.
  • Resolution Service URL
    Specified in the Resolution Service field. This field is in the Bindings section of the SSO settings for the SAML 2.0 authentication scheme. To make the field active, select HTTP-Artifact as the binding.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2artifactresolution</servlet-name>
      <display-name>SAML 2.0 Single Sign-On service</display-name>
      <description>This servlet is the SAML 2.0 Artifact Resolution service at an IdP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.ArtifactResolution</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2artifactresolution</servlet-name>
      <url-pattern>/saml2artifactresolution/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>saml2artifactresolution</servlet-name>
      <url-pattern>/saml2certartifactresolution/*</url-pattern>
    </servlet-mapping>
Single Sign On Service URL (SAML 2.0)
The single sign-on service implements single sign-on for SAML 2.0.
  • Default URL for this Service
    http://idp_server:port/affwebservices/public/saml2sso
  • idp_server:port
    Identifies the web server and port hosting the Web Agent Option Pack or CA Access Gateway.
  • SSO Service URL
    Specified in the SSO Service field. This field is in the SSO settings for the SAML 2.0 authentication scheme.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2sso</servlet-name>
      <display-name>SAML 2.0 Single Sign-On service</display-name>
      <description>This servlet is the SAML 2.0 Single Sign-On service at an IdP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.SSO</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2sso</servlet-name>
      <url-pattern>/public/saml2sso/*</url-pattern>
    </servlet-mapping>
Single Sign-on Service URL (WS-Federation)
The WS-Federation single sign-on service implements single sign-on for WS-Federation.
  • Default URL for this Service
    http://ap_server:port/affwebservices/public/wsfedsso
  • ap_server:port
    Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the CA Access Gateway, depending on which component is installed in your federation network.
  • SSO Service URL
    Specified in the SSO Service field. This field is in the SSO settings of the WS-Federation authentication scheme.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>wsfedsso</servlet-name>
      <display-name>WSFED Single Sign-On service</display-name>
      <description>This servlet is the WSFED Single Sign-On service at an Account Partner.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.SSO</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>wsfedsso</servlet-name>
      <url-pattern>/public/wsfedsso/*</url-pattern>
    </servlet-mapping>
Single Logout Service URL at the IdP (SAML 2.0)
This service implements single logout for SAML 2.0.
  • Default URL for this Service
    http://idp_server:port/affwebservices/public/saml2slo
  • idp_server:port
    Identifies the web server and port hosting the Web Agent Option Pack or CA Access Gateway.
  • SLO Location URL/SLO Response Location URL
    Specified in the fields of the same name at the Identity Provider. These fields are in the SLO section of the SAML Profiles settings for the SAML Service Provider object.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2slo</servlet-name>
      <display-name>SAML 2.0 Single Logout service</display-name>
      <description>This servlet is the SAML 2.0 Single Logout service at an IdP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.SLOService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2slo</servlet-name>
      <url-pattern>/public/saml2slo/*</url-pattern>
    </servlet-mapping>
Signout Service URL at the AP (WS-Federation)
This signout service implements WS-Federation sign out functionality.
  • Default URL for this Service
    http://ap_server:port/affwebservices/public/wsfedsignout
  • ap_server:port
    Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the CA Access Gateway, depending on which component is installed in your federation network.
  • Signout Cleanup URL/Signout Confirm URL
    Specified in fields of the same name at the Account Partner. These fields are in the Signout section of the SAML Profiles settings for the Resource Partner Properties object.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>wsfedsignout</servlet-name>
      <display-name>WS-Federation Signout Service</display-name>
      <description>This servlet is the WS-Federation Signout service at an AP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.SignoutService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>wsfedsignout</servlet-name>
      <url-pattern>/public/wsfedsignout/*</url-pattern>
    </servlet-mapping>
Identity Provider Discovery Profile Service URL (SAML 2.0)
The Identity Provider Discovery Profile service implements the Identity Provider Discovery feature.
  • Default URL for this Service
    https://idp_server:port/affwebservices/public/saml2ipd/*
  • idp_server:port
    Identifies the web server and port hosting the Web Agent Option Pack or CA Access Gateway.
  • Service URL
    Specified in the Service URL field. This field is located in the IPD section of the SAML Profile settings for the SAML Service Provider object at the Identity Provider.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2ipd</servlet-name>
      <display-name>SAML 2.X Identity Provider Discovery Profile service</display-name>
      <description>This servlet is the SAML 2.X Identity Provider Discovery Profile service at an SP or IdP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.IPDService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2ipd</servlet-name>
      <url-pattern>/public/saml2ipd/*</url-pattern>
    </servlet-mapping>
Attribute Service URL (SAML 2.0)
The Attribute Service enables an Attribute Authority to respond to attribute queries from a SAML Requester.
  • Default URL for this Service
    http://idp_server:port/affwebservices/saml2attributeservice
  • idp_server:port
    Identifies the web server and port hosting the Web Agent Option Pack or CA Access Gateway.
  • Attribute Service URL
    Specified in the Attribute Service field. This field is in the Attributes settings for the SAML 2.0 authentication scheme at the Service Provider.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2attributeservice</servlet-name>
      <display-name>SAML 2.0 Attribute service</display-name>
      <description>This servlet is the SAML 2.0 Attribute Service at an IdP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.AttributeService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2attributeservice</servlet-name>
      <url-pattern>/saml2attributeservice/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>saml2attributeservice</servlet-name>
      <url-pattern>/saml2certattributeservice/*</url-pattern>
    </servlet-mapping>
WSFedDispatcher Service URL at the AP
The WSFedDispatcher Service receives all incoming WS-Federation messages and forwards the request processing to other services based on the query parameter data.
  • Default URL for this Service
    https://ap_server:port/affwebservices/public/wsfeddispatcher
  • ap_server:port
    Specifies the server and port number of the system at the Account Partner. The system is hosting the Web Agent Option Pack or the CA Access Gateway, depending on which component is installed in your federation network.
  • URL
    Not applicable
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>wsfeddispatcher</servlet-name>
      <display-name>WS-Federation Dispatcher service</display-name>
      <description>This servlet is the WS-Federation Dispatcher service for all WS-Federation services.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.dispatcher</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>wsfeddispatcher</servlet-name>
      <url-pattern>/public/wsfeddispatcher/*</url-pattern>
    </servlet-mapping>
URLs for Services at the Relying Party
The relying party provides the following services; however, you enter the URL for the service at the asserting party.
The CA Single Sign-On relying party provides the following services:
SAML Credential Collector Service URL (SAML 1.x)
The SAML Credential Collector service assists in consuming SAML 1.x assertions.
  • Default URL for this Service
    https://consumer_server:port/affwebservices/public/samlcc
    • consumer_server:port
      Identifies the web server and port hosting the Web Agent Option Pack or CA Access Gateway.
  • Assertion Consumer URL
    Specified in the Assertion Consumer URL field. This field is on the Assertions page for the SAML 1.x affiliate object. The field is also in the Scheme Setup section for the SAML 1.x POST authentication scheme at the consumer.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>samlcredentialcollector</servlet-name>
      <display-name>SAML Credential Collector</display-name>
      <description>This servlet acts as the SAML Credential Collector.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.SAMLCredentialCollector</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>samlcredentialcollector</servlet-name>
      <url-pattern>/public/samlcc/*</url-pattern>
    </servlet-mapping>
AuthnRequest Service (SAML 2.0)
This AuthnRequest service helps implement single sign-on for the artifact or POST profile.
  • Default URL for this Service
    https://sp_server:port/affwebservices/public/saml2authnrequest
  • sp_server:port
    Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the CA Access Gateway.
  • URL for the Service
    Not applicable.
    The AuthnRequest is a link in an application at the Service Provider. This link initiates single sign-on and it must be in an application.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2authnrequest</servlet-name>
      <display-name>SAML 2.0 AuthnRequest service</display-name>
      <description>This servlet is the SAML 2.0 AuthnRequest service at an SP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.AuthnRequest</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2authnrequest</servlet-name>
      <url-pattern>/public/saml2authnrequest/*</url-pattern>
    </servlet-mapping>
Assertion Consumer Service URL (SAML 2.0)
The Assertion Consumer Service enables the consumption of assertions.
  • Default URL for this Service
    https://sp_server:port/affwebservices/public/saml2assertionconsumer
  • sp_server:port
    Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the CA Access Gateway.
  • Assertion Consumer URL
    Specified in the Assertion Consumer URL field. This field is part of the SSO settings for the SAML Service Provider object at the Identity Provider.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2assertionconsumer</servlet-name>
      <display-name>SAML 2.0 Assertion Consumer service</display-name>
      <description>This servlet is the SAML 2.0 Assertion Consumer service at an SP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2assertionconsumer</servlet-name>
      <url-pattern>/public/saml2assertionconsumer/*</url-pattern>
    </servlet-mapping>
Security Token Consumer Service URL (WS-Federation)
The Security Token Consumer Service enables the consumption of assertions at the Resource Partner.
  • Default URL for this Service
    https://rp_server:port/affwebservices/public/wsfedsecuritytokenconsumer
    • rp_server:port
      Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or CA Access Gateway.
  • Security Token Consumer Service URL
    Specified in the Security Token Consumer Service field. This field is part of the SAML Profiles settings for the Resource Partner object at the Account Partner.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>wsfedsecuritytokenconsumer</servlet-name>
      <display-name>Security Token Consumer service</display-name>
      <description>This servlet is the WS-Federation Security Token Consumer service at an RP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.SecurityTokenConsumer</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>wsfedsecuritytokenconsumer</servlet-name>
      <url-pattern>/public/wsfedsecuritytokenconsumer/*</url-pattern>
    </servlet-mapping>
Single Logout Service URL at the SP (SAML 2.0)
The single logout services implement single logout for SAML 2.0.
  • Default URL for this Service
    http://sp_server:port/affwebservices/public/saml2slo
  • sp_server:port
    Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the CA Access Gateway.
  • SLO Location URL/SLO Response Location URL
    Specified in the fields of the same name. These fields are part of the SLO settings for the SAML 2.0 authentication scheme that you configure at the Service Provider.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>saml2slo</servlet-name>
      <display-name>SAML 2.0 Single Logout service</display-name>
      <description>This servlet is the SAML 2.0 Single Logout service at an SP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.saml2.SLOService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>saml2slo</servlet-name>
      <url-pattern>/public/saml2slo/*</url-pattern>
    </servlet-mapping>
Signout Service URL at the RP (WS-Federation)
The Signout service implements sign out functionality for WS-Federation.
  • Default URL for this Service
    http://rp_server:port/affwebservices/public/wsfedsignout
    • rp_server:port
      Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or CA Access Gateway.
  • Signout Cleanup URL/Signout URL
    Specified in fields of the same name. These fields are in the Signout section for the WS-Federation authentication scheme at the Resource Partner.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>wsfedsignout</servlet-name>
      <display-name>WS-Federation Signout Service</display-name>
      <description>This servlet is the WS-Federation Signout service at an RP.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.SignoutService</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>wsfedsignout</servlet-name>
      <url-pattern>/public/wsfedsignout/*</url-pattern>
    </servlet-mapping>
WSFedDispatcher Service URL at the RP
The WSFedDispatcher Service receives all incoming WS-Federation messages. The service then forwards the request processing to other services based on the query parameter data.
  • Default URL for this Service
    https://rp_server:port/affwebservices/public/wsfeddispatcher
    • rp_server:port
      Identifies the web server and port at the Resource Partner hosting the Web Agent Option Pack or CA Access Gateway.
  • URL for Service
    Not applicable.
  • Associated Servlet and Servlet Mapping in the Web.xml file
    <servlet>
      <servlet-name>wsfeddispatcher</servlet-name>
      <display-name>WS-Federation Dispatcher service</display-name>
      <description>This servlet is the WS-Federation Dispatcher service for all WS-Federation services.</description>
      <servlet-class>com.netegrity.affiliateminder.webservices.wsfed.dispatcher</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>wsfeddispatcher</servlet-name>
      <url-pattern>/public/wsfeddispatcher/*</url-pattern>
    </servlet-mapping>
The Web.xml File
The Web.xml file lists servlets and URL mappings for the Federation Web Services application.
You cannot change most of this file, but you can modify the URL mappings.
To view the Web.xml file, go to the appropriate file location:
  • web_agent_home/affwebservices/WEB-INF
  • sps_home/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF
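Because the URL mappings in Web.xml can be modified, it is useful to compare a deployed file against the default mappings listed on this page so that remapped, removed, or extra federation endpoints are visible. The following is an added example, not code from the product: the `render` helper, the `SAMPLE` data, the `legacytest` servlet name, and the `xmlns` value are constructed for illustration, and only `servlet-mapping` entries are compared.

```python
import xml.etree.ElementTree as ET

# servlet-name -> default url-patterns, copied from the mappings listed on this page
DOCUMENTED = {n: {f"/public/{n}/*"} for n in (
    "saml2sso", "wsfedsso", "saml2slo", "wsfedsignout", "saml2ipd", "wsfeddispatcher",
    "saml2authnrequest", "saml2assertionconsumer", "wsfedsecuritytokenconsumer")}
DOCUMENTED.update({
    "intersiteTransferService": {"/public/intersitetransfer/*"},
    "samlcredentialcollector": {"/public/samlcc/*"},
    "assertionretriever": {"/assertionretriever/*", "/certassertionretriever/*"},
    "saml2artifactresolution": {"/saml2artifactresolution/*", "/saml2certartifactresolution/*"},
    "saml2attributeservice": {"/saml2attributeservice/*", "/saml2certattributeservice/*"},
})

def _local(tag):
    """Drop any XML namespace so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def read_mappings(xml_text):
    """Return {servlet-name: set(url-pattern)} from web.xml text."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "servlet-mapping":
            continue
        name, patterns = "", []
        for child in el:
            text = (child.text or "").strip()
            if _local(child.tag) == "servlet-name":
                name = text
            elif _local(child.tag) == "url-pattern":
                patterns.append(text)
        found.setdefault(name, set()).update(patterns)
    return found

def audit(xml_text):
    """List (servlet, finding, patterns) where web.xml differs from DOCUMENTED."""
    deployed = read_mappings(xml_text)
    findings = []
    for name in sorted(set(DOCUMENTED) | set(deployed)):
        want, have = DOCUMENTED.get(name, set()), deployed.get(name, set())
        if name not in DOCUMENTED:
            findings.append((name, "undocumented servlet", sorted(have)))
            continue
        for label, diff in (("added pattern", have - want), ("removed pattern", want - have)):
            if diff:
                findings.append((name, label, sorted(diff)))
    return findings

def render(mappings):
    """Build a minimal web.xml (constructed test input, not the product's file)."""
    rows = "".join(
        f"<servlet-mapping><servlet-name>{n}</servlet-name>"
        f"<url-pattern>{p}</url-pattern></servlet-mapping>"
        for n, ps in mappings.items() for p in sorted(ps))
    return f'<web-app xmlns="http://java.sun.com/xml/ns/j2ee">{rows}</web-app>'

# Constructed sample: one remapped service, one dropped pattern, one extra servlet.
SAMPLE = {k: set(v) for k, v in DOCUMENTED.items()}
SAMPLE["saml2sso"] = {"/public/sso/*"}
SAMPLE["assertionretriever"].discard("/assertionretriever/*")
SAMPLE["legacytest"] = {"/test/*"}  # hypothetical servlet name

if __name__ == "__main__":
    print(*audit(render(SAMPLE)), sep="\n")
```

To check a real deployment, pass the text of the Web.xml file from one of the WEB-INF locations above to `audit`. Any remapped pattern it reports must also be reflected in the URLs entered at the partner.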