HTTP Federation (HFED) Proxy is a method for integrating web applications that do not support Security Assertion Markup Language (SAML) and that use a sign-in form to authenticate users.
HFED provides a convenient way to configure SSO for non-SAML applications without requiring your team to invest significant IT time and expense. HFED includes a "discovery" feature that automatically populates sign-in form fields with the appropriate settings. You can manually specify settings that are not discovered or that you want to change.
User credentials for HFED applications are encrypted in the user's keychain, which is stored on the identity router. Each user has a keychain for each HFED application being accessed. For example, AppName_Username, AppName_Password are credentials that are stored in the same keychain for a user. Keychain credentials are synchronized between identity routers and clusters, and must be backed up periodically.
Note: If you configure RSA SecurID Access to use SSL when connecting to a protected application using the HFED Proxy method, the web server hosting the application must have a valid SSL certificate signed by a certificate authority (CA) that the identity routers trust. For more information, see Trusted Certificate Authorities for HFED or Trusted Headers Applications.