IBM Tivoli Federated Identity Manager, Version

Adding a partner to your WS-Federation single sign-on federation

You can use the administration console to add a partner to a WS-Federation single sign-on federation.

About this task

The configuration steps are the same for adding all partners. The configuration properties differ for identity provider and service provider partners. The Partner wizard prompts you for the necessary properties.


  1. Log on to the IBM® Integrated Solutions Console.
  2. Click Tivoli® Federated Identity Manager > Configure Federated Single Sign-on > Partners. The Federation Partners panel opens.
  3. Click Create. The Select Federation panel opens.
  4. Select the federation to which you would like to add a partner.
  5. Click Next. The Contact Information panel opens.
  6. Enter the Contact properties.

    The company name is required. The other fields are optional.

  7. Click Next. The WS-Federation Data panel opens.
  8. Enter the requested properties.
  9. Click Next. The Configure Security Token panel opens.
  10. Enter the configuration properties for the federated security token.

    The configuration properties are specific to the partner role:

    • When adding an identity provider partner:
      1. If assertions should be signed, click Enable the Signing of Assertions. When you select this check box, you must specify a key for signing assertions. Select the Keystore, enter the Keystore Password, click List Keys, and select the key from the key table.
      2. Optionally specify attributes in the field: Include the following attribute types (a '*' means include all types).
      3. Click Next.
    • When adding a service provider partner:
      1. If signatures should be validated, click Enable Signature Validation. When you select this check box, specify a key to use for validating signatures. Select the Keystore, enter the Keystore Password, click List Keys, and select the key from the key table.
      2. Click Next.
    The Identity Mapping Options panel opens.
  11. Select one of the radio buttons.
    • Use XSL Transformation for Identity Mapping

      Indicates that you will use an XSL file to provide any required identity mapping.

      1. When you select this choice and click Next, the Identity Mapping panel opens. Leave the identity mapping blank when you want to use the default identity mapping rule that you entered in the Federation Creation wizard.

        When you want to override the default mapping rule with a rule specific to this partner, enter the name of a file on the local file system that contains the identity mapping rule in the XSLT File Containing Identity Mapping Rule field.

        Optionally, you can click the Browse button to locate the file on the local file system.

      2. Click Next.
    • Use Custom Mapping Module Instance

      Indicates that you will provide a custom mapping module instance to use instead of an XSL file.

      1. When you select Use Custom Mapping Module Instance, a table of Module Instances opens. Select the radio button for the module instance to use and click Next.
      2. If your custom mapping module instance requires you to specify values for properties, you are prompted for them now. Otherwise, the panel displays a message indicating that there are no properties to configure for the specified module instance.
    The Summary panel opens.
  12. Verify that the settings are correct and click Finish. The Add Partner Complete panel opens.
  13. Click Enable Partner to activate this partner.

    The partner has been added to the federation, but is disabled by default as a security precaution. You must enable the partner.
