Hi, I need to create a proof-of-concept SAML infrastructure. Is it possible to use the same Policy Server to provide IdP and SP?
Yes, it's possible to have one policy server act as IdP and SP.
Great, so I am choosing "Entity Location" Local for both IdP and SP?
You can check the link below for more details:
CA SiteMinder® Integrated Documents 12.52
You can create Local IdP and SP entities and export the metadata of those entities. At the same time it will ask you to enter the Partnership name; once you enter the details, the partnership will be created automatically. You can then re-import the entities as Remote IdP and Remote SP and update the partnership accordingly.
Refer to the link below for a simple partnership.
Getting Started with a Simple Partnership - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Can I leave everything to default during Export Metadata?
Yes, you can keep the default settings and later modify them according to your requirements.
So, at the end of this setup there will be 4 entities (2 local and 2 remote, IdP and SP) and 2 partnerships: Lidp -> Rsp and Lsp -> Ridp?
You will have 4 entities and 2 partnerships:
Local IdP and remote IdP entities
Local SP and remote SP entities
Hi, I got stuck on creating the partnership mysp to myidp, on the SSO and SLO screen.
I am getting the error: "Must select one SLO Service for SLO binding."
But there is no way to select any SLO. Everything is disabled except the HTTP-POST checkbox.
It seems like you didn't enable the session store, hence you are not finding the SLO section under the partnership.
We need a session store to implement SLO. Please configure the session store; then you will be able to find the SLO section under the partnership.
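A check worth running on the metadata files this thread has you exporting and re-importing, as an added example that is not part of the thread and not CA SiteMinder code: it parses a SAML 2.0 EntityDescriptor with the Python standard library, lists the SSO/ACS/SLO endpoints each role advertises per binding, and flags a role that carries no SingleLogoutService at all, which is the situation behind the "Must select one SLO Service for SLO binding" error. The entity IDs, hostnames and paths in the two embedded sample documents are constructed placeholders.

```python
# Added example, not from the thread or from CA SiteMinder: inspect an exported
# SAML 2.0 metadata document, report the SSO/ACS/SLO endpoints per binding, and
# flag roles that advertise no SingleLogoutService. Standard library only.
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
ROLE_TAGS = ("IDPSSODescriptor", "SPSSODescriptor")
SERVICE_TAGS = ("SingleSignOnService", "AssertionConsumerService", "SingleLogoutService")


def short_binding(uri):
    """Reduce a SAML binding URI to its familiar short form (HTTP-POST, HTTP-Redirect, SOAP)."""
    if uri and uri.startswith(BINDING_PREFIX):
        return uri[len(BINDING_PREFIX):]
    return uri


def describe_metadata(xml_text):
    """Return {'entity_id': str, 'roles': {role_tag: {service_tag: [(binding, location), ...]}}}."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("expected a SAML 2.0 EntityDescriptor, got %s" % root.tag)
    roles = {}
    for role_tag in ROLE_TAGS:
        for role in root.findall("{%s}%s" % (MD_NS, role_tag)):
            services = {}
            for svc_tag in SERVICE_TAGS:
                services[svc_tag] = [
                    (short_binding(svc.get("Binding")), svc.get("Location"))
                    for svc in role.findall("{%s}%s" % (MD_NS, svc_tag))
                ]
            roles[role_tag] = services
    return {"entity_id": root.get("entityID"), "roles": roles}


def slo_problems(xml_text):
    """Roles with no SingleLogoutService at all; an empty list means an SLO binding can be selected."""
    info = describe_metadata(xml_text)
    return [role for role, svcs in info["roles"].items() if not svcs["SingleLogoutService"]]


# Constructed sample: an IdP advertising SSO on two bindings and SLO on HTTP-POST.
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/slo"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample: an SP exported with only an AssertionConsumerService and no SLO service.
SP_METADATA_NO_SLO = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


if __name__ == "__main__":
    for label, doc in (("IdP", IDP_METADATA), ("SP", SP_METADATA_NO_SLO)):
        info = describe_metadata(doc)
        print(label, info["entity_id"])
        for role, svcs in info["roles"].items():
            for svc_tag, endpoints in svcs.items():
                for binding, location in endpoints:
                    print("  %s %s %s %s" % (role, svc_tag, binding, location))
        missing = slo_problems(doc)
        if missing:
            print("  no SingleLogoutService in:", ", ".join(missing))
```

Run it against the real exported files by reading them into `describe_metadata`; if the SP role comes back in `slo_problems`, the partnership's SLO screen will have nothing to offer regardless of which binding checkbox is enabled.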
Nice, session store enabled, configuration wizards went through. What would be the easiest way to test this setup?
You would need to configure the session store manually and create the default schema.
Please follow the links below for session store configuration.
Please restart the policy server once the session store is configured.
And the easiest way to test whether the session store is enabled or not:
go to the realm configuration and check whether you can find the option to select Persistent session. If you can find it, then the session store is enabled.
Thank you for your comprehensive answer. Now I need to test the SAML setup. Would these be the appropriate steps:
1. http://agentidp.example.com//affwebservices/redirectjsp/ protected with the Authentication Scheme Basic Template.
2. That is the big question: I read https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/partnership-federation/getting-started-with-a-simple-partnership and I do not understand how the example target
http://spapp.demo.com:80/spsample/welcome.html is protected, since there is no agent on it.
Could you please create a new thread for this?
Thank you. I have answered it.