An authentication domain is a federation of any number of service providers (and at least one identity provider) with whom principals can transact business in a secure and apparently seamless environment. (An authentication domain is NOT a domain in the domain name system sense of the word.) In Federation Manager, before creating and populating an authentication domain, you create a grouping of providers called an entity. Then, you configure and save the authentication domain itself. Finally, to add an entity, you edit the configured authentication domain.
For more information on entities, see Entities: Provider and Affiliate.
Authentication domains are configured using the Federation Manager Console by selecting Authentication Domains under Federation. The following tasks are associated with authentication domains: creating an authentication domain, editing an authentication domain, adding providers to an authentication domain, and deleting an authentication domain.
The members of the domain must have previously established a circle of trust based on the Liberty Alliance Project architecture and operational agreements.
Follow this procedure to create a new authentication domain. The starting point is the Authentication Domains screen under Federation.
Click New to display the authentication domain attributes.
The New Authentication Domain profile page is displayed.
Type a name for the authentication domain.
(Optional) Type a description of the authentication domain in the Description field.
(Optional) Type a value for the Writer Service URL.
The Writer Service URL specifies the location of the servlet that writes the common domain cookie. Use the format http://common-domain-host:port/common/writer.
(Optional) Type a value for the Reader Service URL.
The Reader Service URL specifies the location of the servlet that reads the common domain cookie. Use the format http://common-domain-host:port/common/transfer.
Choose Active or Inactive.
The default status is Active. Choosing Inactive disables communication within the authentication domain.
Click OK to complete the configuration.
The new authentication domain is displayed on the Authentication Domains screen.
Follow this procedure to edit the General attributes of an existing authentication domain, or to add providers to it. (See To Add Providers to an Authentication Domain.) The starting point is the Authentication Domains screen under Federation.
Select the name of a configured authentication domain to modify its profile, or to add providers to it.
The Authentication Domain Profile page is displayed.
Edit the values of the authentication domain's General attributes:
Name: Contains the name for the authentication domain. This value is static.
Description: Contains a description of the authentication domain.
Writer Service URL: Specifies the location of the service that writes the common domain cookie. Use the format http://common-domain-host:port/common/writer.
Reader Service URL: Specifies the location of the service that reads the common domain cookie. Use the format http://common-domain-host:port/common/transfer.
Status: The default status is Active. Selecting Inactive disables communication within the authentication domain.
Click Add to add providers to the authentication domain.
The Trusted Partner page is displayed with a list of available provider entities.
Choose one or more available providers and click the Add arrow to select them.
The list provided contains the names of entities that have been created. These entities contain providers. For more information, see To Add Providers to an Authentication Domain.
Click OK to save the providers to the authentication domain.
This returns you to the previous Authentication Domain Profile screen.
Click Save to complete the operation.
Identity providers and service providers must first be configured within entities before they are available to add to an authentication domain. Once created and populated with providers, an entity (and thus the providers) can be assigned to an authentication domain.
An entity cannot be assigned to an authentication domain until it has been populated with provider(s).
For more information, see Entities: Provider and Affiliate.
Choose one or more available providers and click the Add arrow to select them.
The list provided contains the names of entities that have been created. These entities contain providers.
Click OK to save the providers to the authentication domain.
This returns you to the previous Authentication Domain Profile screen.
Finish your configurations and click Save to complete the operation.
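The rules above (a name is required, status is Active or Inactive, the Writer and Reader Service URLs follow the documented http://common-domain-host:port/common/writer and .../common/transfer formats, an entity is only assignable once it holds at least one provider, and the domain needs at least one identity provider) can be checked before an administrator commits a configuration. The following is an added example, not part of this documentation or of Federation Manager itself: a stand-alone Python validator with constructed sample data. The AuthenticationDomain and Entity classes, the validate_domain function and the check that both service URLs name the same common-domain host:port are assumptions of this example, not a Federation Manager API.

```python
"""Pre-flight check of an authentication domain configuration.

Added example (not Federation Manager code). The data classes model only
the attributes described on this page; the same-host check for the two
common domain cookie service URLs is an assumption of this example.
"""
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlsplit

WRITER_PATH = "/common/writer"     # documented Writer Service URL path
READER_PATH = "/common/transfer"   # documented Reader Service URL path
VALID_STATUS = ("Active", "Inactive")


@dataclass
class Entity:
    """A provider entity; it must be populated before assignment."""
    name: str
    identity_providers: List[str] = field(default_factory=list)
    service_providers: List[str] = field(default_factory=list)

    def providers(self) -> List[str]:
        return self.identity_providers + self.service_providers


@dataclass
class AuthenticationDomain:
    """General attributes of an authentication domain plus its entities."""
    name: str
    status: str = "Active"
    description: str = ""
    writer_service_url: str = ""   # optional
    reader_service_url: str = ""   # optional
    entities: List[Entity] = field(default_factory=list)


def _check_service_url(label: str, url: str, expected_path: str):
    """Return (problems, host:port) for one common domain cookie service URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return [f"{label}: not an absolute http(s) URL: {url!r}"], None
    problems = []
    if parts.path != expected_path:
        problems.append(f"{label}: path should be {expected_path}, got {parts.path!r}")
    return problems, parts.netloc


def validate_domain(domain: AuthenticationDomain) -> List[str]:
    """Return a list of configuration problems; an empty list means OK."""
    problems: List[str] = []
    if not domain.name.strip():
        problems.append("Name: a name is required")
    if domain.status not in VALID_STATUS:
        problems.append(f"Status: must be one of {VALID_STATUS}, got {domain.status!r}")

    hosts = []
    for label, url, path in (
        ("Writer Service URL", domain.writer_service_url, WRITER_PATH),
        ("Reader Service URL", domain.reader_service_url, READER_PATH),
    ):
        if not url:
            continue  # both URLs are optional
        found, netloc = _check_service_url(label, url, path)
        problems.extend(found)
        if netloc:
            hosts.append(netloc)
    # Assumption of this example: both servlets live on the common domain host.
    if len(hosts) == 2 and hosts[0] != hosts[1]:
        problems.append("Writer and Reader Service URLs should share the same "
                        "common-domain host:port")

    for entity in domain.entities:
        if not entity.providers():
            problems.append(f"Entity {entity.name!r}: cannot be assigned until it "
                            "is populated with at least one provider")
    if not any(e.identity_providers for e in domain.entities):
        problems.append("Domain has no identity provider; an authentication domain "
                        "needs at least one")
    return problems


if __name__ == "__main__":
    # Constructed sample configuration (hostnames are placeholders).
    sample = AuthenticationDomain(
        name="example-domain",
        writer_service_url="http://cdc.example.com:8080/common/writer",
        reader_service_url="http://cdc.example.com:8080/common/transfer",
        entities=[Entity("idp-entity", identity_providers=["idp-1"]),
                  Entity("sp-entity", service_providers=["sp-1"])],
    )
    for line in validate_domain(sample) or ["configuration OK"]:
        print(line)
```

Run the script directly to check the embedded sample; in practice the domain object would be filled from whatever export of the console configuration an administrator has at hand, and the returned list is empty when every documented rule is satisfied.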
Follow this procedure to delete an existing authentication domain. The starting point is the Authentication Domains screen under Federation.