Sun Java System Federation Manager 7.0 User's Guide

Federation Manager Architecture

Federation Manager consists of web-based services [using SOAP, XML over HTTP(S) or HTML over HTTP(S)], and Java—based application provider interfaces (APIs) and service provider interfaces (SPIs). The figure below illustrates this architecture. Additionally, the figure shows an agent embedded into a web container. This agent enables the service provider applications to participate in the SAML or Liberty-based protocols. The darker boxes are components provided by Federation Manager.

Figure 1–2 Architecture of Federation Manager

This figure illustrates the architecture of Federation Manager.

The Federation Manager components include:

Federation Manager Console

A web interface for managing authentication domains, provider meta data, and authentication.


Federation Manager provides SAML related services including artifact and POST profile support, and assertion query support.

Federation and associated web services

Federation Manager provides services based on the Liberty ID-FF and the Liberty ID-WSF specifications. Federation features include federation and single sign-on, single logout, federation termination, name registration, and support for the Common Domain. Implemented web services include a SOAP binding service, a discovery service, a personal profile service, and an authentication service.


Federation Manager provides a JAAS-based authentication framework.


Federation Manager provides session management for service provider applications.


Federation Manager provides a logging service. It also provides activity logs for auditing. Audit logs can be stored in flat files or JDBC-compliant databases.


Federation Manager allows service provider applications to participate in the federation protocol.


Federation Manager includes a set of APIs for interaction between the SSO, logging, SAML, Liberty ID-FF, and authentication components. Also included are APIs to build web services (Liberty ID-WSF) for clients and provider.


Federation Manager includes a set of Service Provider Interfaces (SPIs) into which applications can insert their custom logic. For instance, there is an SPI to do post federation processing, and an SPI for post processing after a successful single logout.