AnsweredAssumed Answered

SAML 1.1 Authentication Scheme for credentials

Question asked by ryan.kogelheide on Mar 20, 2012
Latest reply on Mar 30, 2012 by ryan.kogelheide
I'm trying to figure out how we can create a SAML Auth scheme for smart card authentication independent of the directory that's used for user disambiguation.

On the same policy server, I'd like to use one SAML 1.1 Auth Scheme for issuing a SiteMinder session based solely on the federation trust, then use that session to disambiguate users in different domains associated with different user stores (each user store identifying the user by the card ID).

So the SAML 1.1. Auth scheme collects the card ID and creates a session on that card ID, then that session is used to create a new session based on directory 1 or directory 2 (depending on what realm is hit).

Does that make any sense?

What stumps me is how

1) I create a SAML 1.1. Auth scheme that is not associated with a local directory.
2) How I create the second session based on the SAML auth schem.

Any ideas?

Cheers,

Ryan

Outcomes