Updating Web Pages
After configuring the SAML systems for both iChainSite and eMartian, you need to create Intersite Transfer URLs for each portal page. The iChainSite portal needs an affiliate link pointing to eMartian, and vice versa. This section includes the following topics:
iChainSite Intersite Transfer URLs
At the iChainSite portal/index.jsp page there are some affiliate links. The first two are loopback links that perform SAML single sign-on operations with the iChainSite. Intersite transfer URLs for eMartian must be added to the page. The eMartian post and eMartian artifact URLs are provided to send users from the iChainSite portal to the eMartian application.
Figure 57iChainSite Portal
The source of the eMartian intersite transfer URLs is shown in the example below:
<!--eMartain POST -->
<A
href="https://www.ichainsite.com/cmd/ext/samlext/saml/gen/post?AID=www.eMartian.com&TARGET=http://www.eMartian.com/eMartian/application"> eMartain post</a>
<!--eMartain Artifact -->
<A
href="https://www.ichainsite.com/cmd/ext/samlext/saml/gen/afct?AID=www.eMartian.com&TARGET=http://www.eMartian.com/eMartian/application"> eMartain artifact</a>
Each of the links points back to the iChainSite resource used to generate assertions; https://ww.ichainsite.com/cmd/ext/samlext/saml/gen/post is used to generate assertions in the Browser/POST profile, and https://www.ichainsite.comd/cmd/ext/samlext/saml/gen/afct is used to generate assertions in the Browser/Artifact profile. There are two critical parameters that must be included in the URL in order for the assertion generation to work:
Aid: This is the site ID for which the assertion is being generated. In the example above, assertions are generated for www.emartian.com. The Aid must match the SiteID configured in the directory.
Target: The target is the resource the user wants to access at the partner site. The eMartian site link target is http://www.emartian.com/application.
Clicking on either of the eMartian links causes the iChainSite to generate a SAML assertion intended for eMartian. The user will then be sent to the appropriate SAML receiver URL on the eMartian site. The SAML service running at eMartian will validate the provided SAML assertion, evaluate the user mapping rules, and provide the user with the target resource.
Figure 58 shows what the end result Web page should look like after you have clicked on eMartian artifact/POST from iChainSite.
Figure 58From iChain to eMartian
eMartian Intersite Transfer URLs
In order to send users from eMartian to iChainSite, intersite transfer URLs must be added to the eMartian portal. By default the eMartian portal contains these URLs for iChainSite. The source for these URLs is shown in the example below:
<!--ichainsite POST -->
<A
href="https://www.eMartian.com/cmd/ext/samlext/saml/gen/post?AID=www.ichainsite.com&TARGET=http://www.ichainsite.com/ic/portal"> eMartain post</a>
<!--ichainsite Artifact -->
<A
href="https://www.eMartian.com/cmd/ext/samlext/saml/gen/afct?AID=www.ichainsite.com&TARGET=http://www.ichainsite.com/ic/portal"> eMartain artifact</a>
The eMartian Intersite Transfer Links follow the same pattern as those in the iChainSite portal. They both point to the SAML Assertion generation service running at eMartian: https://www.emartian.com/cmd/ext/samlext/saml/gen/post, and https://www.emartian.com/cmd/ext/samlext/saml/gen/afct. The AID is www.ichainsite.com, indicating that the SAML Assertion is to be generated for iChainSite. The target URL is set to the iChainSite portal.
Clicking either of the iChainSite links causes the eMartian system to generate a SAML Assertion for iChainSite, sending the user to the SAML receiver at the iChainSite. The SAML service running on the iChainSite processes the provided assertion, maps the user to an identity, and provides the user with the requested resource.
Figure 59 shows what the end result Web page should look like after you have clicked on iChainSite artifact/POST from eMartian.
Figure 59From eMartian to iChain
