SAML 1.1 Remote Producer Entity
Configuring the SAML 1.1 Remote Producer Entity
The SAML 1.1 Remote Producer Entity Configuration section lets you identify the entity. The settings include:
- Entity ID: Identifies the federation entity to a partner. The Entity ID is a universal identifier like a domain name. If the Entity ID represents a remote partner, this value must be unique. If the Entity ID represents a local partner, it can be reused on the same system. For example, if the Entity ID represents a local asserting party, this same ID can be used in more than one partnership. An Entity ID that represents a remote partner can only belong to a single active partnership. Value: URI (URL recommended). Note the following guidelines:
  - The entity ID must be a URI, but an absolute URL is recommended.
  - If the entity ID is a URL:
    - The host part of the URL must be a name rooted in the organization's primary DNS domain.
    - The URL must not contain a port number, a query string, or a fragment identifier.
    - Do not use the ampersand (&) in the Entity ID because it is recognized as a separate query parameter.
  - Do not specify a URN.
  - The entity ID for a remote partner must be globally unique to avoid name collisions within and across the federation.
  Examples of valid Entity IDs:
  Examples of invalid Entity IDs:
    - http://idp.ca.com/affwebservices/public/saml2sso?SPID=http://toto.tiit.fr?key=toto (This URL can work, but we do not advise that you use this syntax.)
- Entity Name: Names the entity object in the policy store. The Entity Name must be a unique value. CA Single Sign-on uses the Entity Name internally to distinguish an entity at a particular site. This value is not used externally, and the remote partner is not aware of this value. Note: The Entity Name can be the same value as the Entity ID, but the value is not shared with any other entity at the site. Value: An alphanumeric string. Example: Partner1
- Description: Specifies additional information to describe the entity. Value: An alphanumeric string up to 1024 characters
- Source ID (SAML 1.1 HTTP-Artifact only): Specifies a unique ID in the SAML artifact that identifies the producer. The consumer uses this ID to identify an assertion issuer. The SAML specification defines a source ID as a 20-byte binary, hex-encoded number that identifies the producer. The Source ID value you specify must be the 40-byte hex representation of that value. We recommend that you specify the SHA1 hash of the Entity ID as the Source ID value. If you do not enter a value for this parameter, the product uses this value by default. Default: SHA1 hash of the Entity ID
- Base URL: Specifies the base location of the server that is visible to the intended users of the federation. This server is typically where CA Single Sign-on is installed. The server can also be the URL of the server that hosts federation services. The base URL enables CA Single Sign-on to generate relative URLs in other parts of the configuration, making configuration more efficient. You can edit the Base URL. For example, you can configure virtual hosts for the CA Single Sign-on system: one virtual host handles the Administrative UI communication, and the other virtual host handles the user traffic that the embedded Apache Web Server processes. In this case, you can edit the Base URL to point only to the server and HTTP port of the Apache Web Server. Value: valid URL. Example: https://fedserver.ca.com:5555. Note the following important guidelines for modifying this field:
  - If you modify the base URL, do not put a forward slash at the end of the base URL. A final slash results in two slashes being appended to other URLs that use this base URL.
  - For failover support, the value of this field is the host name and port of the system managing failover to the other systems. This system can be a load balancer or proxy server.
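The Entity ID guidelines, the default Source ID derivation (SHA1 of the Entity ID, hex-encoded to 40 characters) and the trailing-slash rule for the Base URL above are all mechanical checks that an administrator can run before entering values in the Administrative UI. The following Python script is an added example, not code from the product or its documentation: it encodes those guidelines as functions and computes the default Source ID. The organization domain `example.com` and the sample URLs are constructed values for the demonstration.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample values for this demonstration; not taken from the product documentation.
ORG_DOMAIN = "example.com"
SAMPLE_ENTITY_ID = "https://idp.example.com/affwebservices/public/saml2sso"


def entity_id_problems(entity_id: str, org_domain: str) -> list:
    """Return the guideline deviations for a proposed Entity ID (an empty list means it passes).

    Encodes the rules from the Entity ID description: absolute URL recommended, host rooted
    in the organization's primary DNS domain, no port number, query string, fragment
    identifier or ampersand, and no URN.
    """
    problems = []
    if "&" in entity_id:
        problems.append("contains an ampersand, which is parsed as a separate query parameter")
    if entity_id.lower().startswith("urn:"):
        problems.append("is a URN; use an absolute URL instead")
        return problems
    parts = urlsplit(entity_id)
    if not parts.scheme or not parts.netloc:
        problems.append("is not an absolute URL")
        return problems
    try:
        has_port = parts.port is not None
    except ValueError:  # malformed port such as 'host:abc'
        has_port = True
    if has_port:
        problems.append("contains a port number")
    if parts.query:
        problems.append("contains a query string")
    if parts.fragment:
        problems.append("contains a fragment identifier")
    host = (parts.hostname or "").lower()
    if host != org_domain and not host.endswith("." + org_domain):
        problems.append("host %r is not rooted in %r" % (host, org_domain))
    return problems


def source_id_for(entity_id: str) -> str:
    """Default Source ID for HTTP-Artifact: SHA1 of the Entity ID, hex-encoded (40 characters)."""
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


def base_url_problems(base_url: str) -> list:
    """Check a Base URL against the guidelines: it must be an absolute URL with no trailing slash."""
    problems = []
    parts = urlsplit(base_url)
    if not parts.scheme or not parts.netloc:
        problems.append("is not an absolute URL")
    if base_url.endswith("/"):
        problems.append("ends with a slash; URLs derived from it would contain '//'")
    return problems


if __name__ == "__main__":
    candidates = (
        SAMPLE_ENTITY_ID,
        # The discouraged form from the documentation: a query string inside the Entity ID.
        "http://idp.ca.com/affwebservices/public/saml2sso?SPID=http://toto.tiit.fr?key=toto",
        "urn:example:idp",
    )
    for candidate in candidates:
        print(candidate, "->", entity_id_problems(candidate, ORG_DOMAIN) or "OK")
    print("Default Source ID:", source_id_for(SAMPLE_ENTITY_ID))
    print("Base URL:", base_url_problems("https://fedserver.example.com:5555/") or "OK")
```

The Source ID is only the default: if a partner running a different product publishes a different Source ID, enter that value instead, since the consumer matches the artifact's Source ID against the configured producer.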
- Assertion Retrieval Service URL (Required only for HTTP-Artifact): Specifies the URL of the assertion retrieval service. If you use the HTTP-Artifact profile for single sign-on, the artifact is sent from the consumer to the producer. The producer resolves the artifact and redirects the assertion associated with the artifact to a service on the consumer side. The group box lets you identify the assertion retrieval service on the producer side. If SSL is enabled for this service, the URLs must begin with https://. If the remote producer uses CA Single Sign-on, use the following URLs:
  - If SSL is not enabled: http://producer_server:port/affwebservices/assertionretriever
  - If SSL is enabled: https://producer_server:ssl_port/affwebservices/assertionretriever
- SSO Service URL: Identifies the URL of the single sign-on service on the producer side. Value: a valid URL
  Default (if CA Single Sign-on is the producer): http://producer_server:port/affwebservices/public/intersitetransfer
Signing Options
The signing options define the signing behaviors for federated communication. This section contains the following settings:
- Verification Certificate Alias (Optional): Specifies the alias associated with a particular certificate (public key) in the certificate data store. The alias you supply tells CA Single Sign-on which certificate to use to verify signed assertions and responses. Select an alias from the drop-down list, or click Import to import a certificate if the key you want is not available. Note: The certificate is stored in the key database before you specify the associated alias. Value: a selection from the drop-down list
Supported Name ID Formats and Attributes
The Supported Name ID Formats and Attributes section has two functions:
- Specifies the Name ID formats that the entity supports. The Name Identifier names a user in a unique way in the assertion and specifies which attributes to include in the assertion. The format of the Name Identifier establishes the type of content that is used for the ID. For example, the format can be the User DN, so the content can be a uid.
- For the asserting party, you specify attributes to include in an assertion. Attributes added to an assertion can further identify a user and enable an application using the assertion to be customized for each user.
Supported Name ID Formats and Attributes
From the list of options, select all the formats that apply. To select all formats, select Select Name ID Formats.
For a description of each format, see the specification for the SAML or WS-Federation profile.
- Supported Assertion Attributes: Specifies the attributes that the producer includes in the assertion. Click Add to include an attribute in the table. The table includes the following columns:
  - Assertion Attribute: Indicates the specific attribute in the assertion. Value: name of a valid assertion attribute
  - Namespace: Designates a collection that uniquely identifies names. Value: Any namespace name
  - Delete: Click the icon and the entry is removed from the table.