Sun Java System Access Manager 7.1 Federation and SAML Administration Guide

Configuring the Common Domain Services for Federation Management URLs

In Access Manager, the Common Domain Services for Federation Management are configured using two URLs that point to servlets developed for writing and reading the common domain cookie. They are the Writer Service URL and the Reader Service URL.


Note – For more information on how to configure these URLs, see "To Create An Authentication Domain" in Chapter 3, "Federation".


Writer Service URL

The Writer Service URL is used by the identity provider. After successful authentication, the common domain cookie is appended with the query parameter _liberty_idp=entity-ID-of-identity-provider. This parameter is used to redirect the principal to the Writer Service URL defined for the identity provider. The URL is configured as the value for the Writer Service URL attribute when an authentication domain is created. Use the format http://common-domain-host:port/deployment-uri/writer, where common-domain-host:port refers to the machine on which the Common Domain Services for Federation Management are installed, and deployment-uri tells the web container where to look for information specific to the application (such as classes or JARs). The default URI is amcommon.

Reader Service URL

The Reader Service URL is used by the service provider. The service provider redirects the principal to this URL in order to find the preferred identity provider. Once found, the principal is redirected to the identity provider for single sign-on. The URL is defined as the value for the Reader Service URL attribute when an authentication domain is created. It is formatted as http://common-domain-host:port/deployment-uri/transfer, where common-domain-host:port refers to the machine on which the Common Domain Services for Federation Management are installed, and deployment-uri tells the web container where to look for information specific to the application (such as classes or JARs). The default URI is amcommon.
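The following check is an added example, not code from this guide or from Access Manager. It validates a Writer/Reader Service URL pair against the two formats described above before they are entered in an authentication domain, and builds a writer redirect with the _liberty_idp value percent-encoded. The function names and example.com hosts are constructed; that both URLs share one host:port and that the parameter is appended as a plain query string are assumptions drawn from the descriptions above.

```python
from urllib.parse import urlsplit, urlencode

# Final path segments taken from the URL formats given in this guide.
EXPECTED_SUFFIX = {"writer": "writer", "reader": "transfer"}

# Constructed sample values (not from the guide).
WRITER = "http://cd.example.com:8080/amcommon/writer"
READER = "http://cd.example.com:8080/amcommon/transfer"


def parse_service_url(kind, url):
    """Return (host:port, deployment-uri); raise ValueError if the URL is malformed."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"{kind}: not an absolute http(s) URL: {url!r}")
    if parts.query or parts.fragment:
        raise ValueError(f"{kind}: configured URL must not carry a query or fragment")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[-1] != EXPECTED_SUFFIX[kind]:
        raise ValueError(f"{kind}: path must be /deployment-uri/{EXPECTED_SUFFIX[kind]}")
    return parts.netloc.lower(), "/".join(segments[:-1])


def check_authentication_domain(writer_url, reader_url):
    """Return a list of findings; an empty list means both URLs match the format."""
    findings, parsed = [], {}
    for kind, url in (("writer", writer_url), ("reader", reader_url)):
        try:
            parsed[kind] = parse_service_url(kind, url)
        except ValueError as exc:
            findings.append(str(exc))
    if len(parsed) == 2:
        # Assumption: both servlets belong to one Common Domain Services deployment.
        if parsed["writer"][0] != parsed["reader"][0]:
            findings.append("writer and reader point at different host:port values")
        if parsed["writer"][1] != parsed["reader"][1]:
            findings.append("writer and reader use different deployment URIs")
    return findings


def writer_redirect(writer_url, idp_entity_id):
    """Build the redirect to the Writer Service, percent-encoding the entity ID."""
    return writer_url + "?" + urlencode({"_liberty_idp": idp_entity_id})


if __name__ == "__main__":
    print(check_authentication_domain(WRITER, READER) or "URLs match the documented format")
    print(writer_redirect(WRITER, "http://idp.example.com"))
```

Swapping the two values, a common data-entry mistake, yields one finding per URL because each path ends in the other service's suffix.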