SP-initiated SSO requires an HTML page at the Service Provider that contains hard-coded links to the AuthnRequest service at the Service Provider. These links redirect the user to the Identity Provider to be authenticated and determine what is included in the AuthnRequest itself.
This information applies to Artifact or POST bindings.
The hard-coded link that the user selects must contain specific query parameters, which are used in an HTTP GET request to the AuthnRequest service.
Note: The page with these hard-coded links has to reside in an unprotected realm.
To specify the use of artifact or profile binding for the transaction, the syntax for the link is:
http://sp_server:port/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID&ProtocolBinding=URI_of_binding&RelayState=target_URL
sp_server:port
Specifies the server and port number at the Service Provider that is hosting Federation Manager.
IdP_ID
Specifies the identity assigned to the Identity Provider.
URI_of_binding
Identifies the URI of the POST or Artifact binding for the ProtocolBinding element. The SAML 2.0 specification defines this URI.
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
You do not need to set this parameter for HTTP-POST single sign-on.
A binding must also be enabled for the partnership for the request to work.
target_URL
Specifies the URL of the federation target at the Service Provider.
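The link syntax above can be generated rather than typed by hand, so that each parameter value is percent-encoded and the binding is one of the two URIs listed. The following is an added example, not code from the product or its documentation; the function names, the allowed_target_hosts check on RelayState, and the sample host names are assumptions of the example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Binding URIs listed on this page (defined by the SAML 2.0 specification).
BINDINGS = {
    "artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
    "post": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
}
AUTHN_PATH = "/affwebservices/public/saml2authnrequest"


def build_authn_link(sp_server, provider_id, relay_state, binding=None,
                     allowed_target_hosts=()):
    """Build the hard-coded SP-initiated SSO link.

    binding: "artifact", "post", or None to omit ProtocolBinding.
    allowed_target_hosts: assumption of this example, not a product setting;
    RelayState is accepted only when its host is in this collection.
    """
    if binding is not None and binding not in BINDINGS:
        raise ValueError("binding must be 'artifact', 'post' or None")
    target = urlsplit(relay_state)
    if target.scheme not in ("http", "https") or not target.hostname:
        raise ValueError("RelayState must be an absolute http(s) URL")
    if target.hostname not in allowed_target_hosts:
        raise ValueError("RelayState host is not an approved target")
    params = [("ProviderID", provider_id)]
    if binding is not None:
        params.append(("ProtocolBinding", BINDINGS[binding]))
    params.append(("RelayState", relay_state))
    # urlencode percent-encodes ':', '/', '?', '&' and '=' in every value, so a
    # target URL with its own query string cannot add or override parameters.
    return f"http://{sp_server}{AUTHN_PATH}?{urlencode(params)}"


def parse_authn_link(link):
    """Decode a link's query string, e.g. to review links already on a page."""
    return {k: v[0] for k, v in parse_qs(urlsplit(link).query).items()}


if __name__ == "__main__":
    # Constructed sample values: host names and the IdP ID are placeholders.
    link = build_authn_link(
        "sp.example.com:8080", "idp.example.org",
        "http://app.example.com/portal?lang=en&view=home",
        binding="artifact", allowed_target_hosts={"app.example.com"})
    print(link)
    print(parse_authn_link(link))
```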
Note the following:
Copyright © 2010 CA. All rights reserved.