Service Provider Types: WS Federation

Introduction

WS-Federation is a specification, created by BEA, IBM, Microsoft, RSA Security and VeriSign, that “defines mechanisms that are used to enable identity, account, attribute, authentication, and authorization federation across different trust realms”. It has since been codified as an OASIS standard.

We can use this standard to provide authentication and authorization to WS-Federation Service Providers.

General Settings

Field | Description
Display Name | User-defined name of the Service Provider.
URL | Not used.
Description | User-defined description of the Service Provider.
Authentication Scheme | Defines which IDP(s) can authenticate a user for this Service Provider, and how the user can authenticate.
Type | "WS-Federation"
Subject | Primary user attribute that is used to identify the user.
Entity ID | Uniquely identifies the WS-Federation Service Provider. It will be provided by the Service Provider.
Assertion Signed | If set to true, the assertion from the IDHub to the Service Provider will be signed (the corresponding certificate must be available).
Passive Endpoint | The URL to which we redirect the client (requestor) if the user is not authenticated (anymore).
Include X509 Certificate | Includes the complete certificate in the signature.
Include X509 Alias | Includes the signing certificate alias in the signature.
Include PK name | Includes the public key name in the signature.
Signature Method | Defines which algorithm is used to sign the assertion.
IDHub Entity ID | Overrides the default unique identification of IDHub for that Service Provider.

Certificates

Certificates are managed at Certificate Overview.

It is still possible to import certificates without needing to leave the Service Provider screen.

Field | Description
Context | Defines what the certificate is used for. Key - Signing: used to sign messages to the SP.
Certificate Alias | The alias of the certificate to use for this context.
Used From | Defines from when this certificate may be used. For Key - Signing certificates, these periods may never overlap.
Used Until | Defines until when this certificate may be used.
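
The rule that Key - Signing periods may never overlap can be checked before a certificate rollover is entered. The Python below is an added example, not IDHub code: the aliases, dates and the function name check_signing_schedule are constructed, and it assumes a period runs from Used From up to, but not including, Used Until. It also reports gaps, during which no signing certificate would be available for a Service Provider with Assertion Signed enabled.

```python
from datetime import datetime

# Constructed sample schedule; aliases and dates are illustrative only.
SCHEDULE = [
    ("signing-2023", "2023-01-01T00:00", "2024-01-01T00:00"),
    ("signing-2024", "2024-01-01T00:00", "2025-01-01T00:00"),
    ("signing-2025", "2024-12-15T00:00", "2026-01-01T00:00"),
]


def check_signing_schedule(entries):
    """Return (overlaps, gaps) for a list of (alias, used_from, used_until).

    Assumption: a period covers used_from <= t < used_until, so one period
    may start at the exact instant the previous one ends.
    """
    periods = []
    for alias, start, end in entries:
        start, end = datetime.fromisoformat(start), datetime.fromisoformat(end)
        if end <= start:
            raise ValueError(f"{alias}: Used Until must be after Used From")
        periods.append((start, end, alias))
    if not periods:
        return [], []
    periods.sort()

    overlaps, gaps = [], []
    # Compare each period with the earlier period that ends latest, so a
    # period nested inside a longer one is reported as well.
    _, cover_end, cover_alias = periods[0]
    for start, end, alias in periods[1:]:
        if start < cover_end:
            overlaps.append((cover_alias, alias))
        elif start > cover_end:
            gaps.append((cover_end, start))
        if end > cover_end:
            cover_end, cover_alias = end, alias
    return overlaps, gaps


if __name__ == "__main__":
    found_overlaps, found_gaps = check_signing_schedule(SCHEDULE)
    for first, second in found_overlaps:
        print(f"overlap: {first} and {second}")
    for gap_start, gap_end in found_gaps:
        print(f"no signing certificate from {gap_start} until {gap_end}")
```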