Federation Manager GuideFederation Partnerships › Single Sign-on Configuration (Relying Party)

Previous Topic: Single Sign-on Configuration (Asserting Party)

Next Topic: Assertion Validity for Single Sign-on

Single Sign-on Configuration (Relying Party)

To configure single sign-on at the relying party, you specify the SAML binding supported by the relying party and the related aspects of how the relying party handles single sign-on communication.

When Federation Manager is at the relying party, it uses the skew time set for the partnership to determine if the assertion it receives is valid. Read more about assertion validity to understand how Federation Manager uses the configured skew time.

To configure single sign-on at the relying party

  1. Begin at the appropriate step in the Partnership Wizard.
  2. Configure the settings in the SSO group box for the profiles you are using.

    For SAML 2.0, you can select both Artifact and POST—the local entity determines the sequence in which the bindings are tried.

    Note: You can click Help for a description of fields, controls, and their respective requirements.

  3. If you select HTTP-Artifact, also configure the authentication method for the outgoing back channel.

This procedure completes the SSO configuration for the relying party.

More information:

Enhanced Client or Proxy Profile (ECP)

Back Channel Authentication for Artifact SSO

Copyright © 2010 CA. All rights reserved. Email CA about this topic