Sun Java System Access Manager 7.1 Federation and SAML Administration Guide

Authentication Domains

An authentication domain is a federation of any number of service providers (and at least one identity provider) with whom principals can transact business in a secure and apparently seamless environment. (The members of the domain must have previously established a circle of trust based on the Liberty Alliance Project architecture and operational agreements.)

Note – An authentication domain is not a domain in the domain name system (DNS) sense of the word.

The following procedures describe how to create, configure, and delete authentication domains using the Access Manager Console.

Procedure: To Create an Authentication Domain

  1. In the Access Manager Console, click the Federation tab.

  2. Under Federation, select the Authentication Domains tab.

  3. Select New.

    The New Authentication Domain attributes are displayed.

  4. Type a name for the authentication domain.

  5. (Optional) Type a description of the authentication domain in the Description field.

  6. (Optional) Type a value for the Writer Service URL.

    The Writer Service URL specifies the location of the service that writes the common domain cookie. Use the format http://common-domain-host:port/common/writer. For more information about the Common Domain Services, see Chapter 4, Common Domain Services for Federation Management.

  7. (Optional) Type a value for the Reader Service URL.

    The Reader Service URL specifies the location of the service that reads the common domain cookie. Use the format http://common-domain-host:port/common/transfer. For more information about the Common Domain Services, see Chapter 4, Common Domain Services for Federation Management.

  8. Select Active or Inactive.

    The default status is Active. Selecting Inactive disables communication within the authentication domain.

  9. Click OK.

    The new authentication domain is now displayed in the list of configured Authentication Domains.

Procedure: To Configure or Modify an Authentication Domain

  1. In the Access Manager Console, click the Federation tab.

  2. Under Federation, select the Authentication Domains tab.

    All created Authentication Domains are displayed.

  3. Click the name of the authentication domain that you want to modify.

    The General and Providers properties for the authentication domain are displayed.

  4. (Optional) Enter or modify a description of the authentication domain in the Description field.

  5. (Optional) Enter or modify the value for the Writer Service URL.

    The Writer Service URL specifies the location of the service that writes the common domain cookie. Use the format http://common-domain-host:port/common/writer. For more information on the Common Domain Services, see Chapter 4, Common Domain Services for Federation Management.

  6. (Optional) Enter or modify the value for the Reader Service URL.

    The Reader Service URL specifies the location of the service that reads the common domain cookie. Use the format http://common-domain-host:port/common/transfer. For more information on the Common Domain Services, see Chapter 4, Common Domain Services for Federation Management.

  7. Select Active or Inactive.

    The default status is Active. Selecting Inactive disables communication within the authentication domain.

  8. Click Add to populate the authentication domain with providers.

    The Trusted Providers page is displayed.

  9. Choose from the list of Available Providers and click Add.

  10. Click OK to save the providers to the authentication domain.

    The authentication domain's attribute page is displayed.

  11. Click Save to complete the configuration.

Procedure: To Delete an Authentication Domain

Deleting an authentication domain does not delete the providers that belong to it, although doing so does affect the trust relationship among those providers.

  1. In the Access Manager Console, click the Federation tab.

  2. Under Federation, select the Authentication Domains tab.

    All created Authentication Domains are displayed.

  3. Select the check box next to the authentication domain that you want to delete.

  4. Click Delete.