

Configure the IdP

To begin using SAML 2.0 for user authentication in CA Performance Center, set some parameters on the identity provider (IdP). Any IdP that supports the SAML 2.0 standard should work, but CA has only tested with CA SiteMinder.

Follow these steps:

  1. Enable the SAML2 authentication mode on the IdP.
  2. Provide a URL for the assertion consumer service, which is running on the servers where Single Sign-On is installed.

    Here is an example:

    http://[MyServerName]:8381/sso/saml2/UserAssertionService
    

    where 8381 is the port that Single Sign-On uses.

  3. Set the binding method to 'HTTP-Redirect'.

    Note: HTTP-Redirect is the only binding method that Single Sign-On supports.

  4. Provide URLs for the single logout service.

    The logout service and the response location are both required. These services are running on the server where Single Sign-On is installed.

    Use the following examples:

    http://[MyServerName]:8381/sso/saml2/LogoutService
    http://[MyServerName]:8381/sso/saml2/LogoutServiceResponse
    
  5. Add all data source product websites that support SAML 2.0 to the list of trusted sites.

    This step can involve adding these websites to a list of federation partnership entities.

  6. Verify the digital signature and encryption settings. Both are supported but optional. If you use them, you must also configure them in Single Sign-On.
  7. Import the IdP agreement file from its location on the Single Sign-On server.

    You exported this file after you completed other setup steps using the Single Sign-On Configuration Tool. For more information, see Configure SAML Support in Single Sign-On.
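
The following check is an added example, not part of the CA documentation or product. It compares the endpoints registered on the IdP against the values required in steps 2 through 4. It assumes that your IdP can export the partnership as standard SAML 2.0 metadata XML; the host name `sso.example.test` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SSO_PORT = 8381  # port used by Single Sign-On in the examples above

# Constructed sample with two mistakes: wrong ACS binding, no logout ResponseLocation.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="sso.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sso.example.test:8381/sso/saml2/LogoutService"/>
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sso.example.test:8381/sso/saml2/UserAssertionService"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def _check_url(url, path, label, findings):
    """Record a finding if the URL is missing, has the wrong path, or the wrong port."""
    u = urlsplit(url or "")
    if u.path != path:
        findings.append(f"{label}: expected path {path}, got {u.path or '(missing)'}")
    elif u.port != SSO_PORT:
        findings.append(f"{label}: port {u.port} is not the Single Sign-On port {SSO_PORT}")

def check_partnership(xml_text):
    """Return a list of deviations from the settings in steps 2-4 (empty if none)."""
    sp = ET.fromstring(xml_text).find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return ["no SPSSODescriptor element"]
    findings = []
    acs = sp.find(f"{{{MD}}}AssertionConsumerService")
    slo = sp.find(f"{{{MD}}}SingleLogoutService")
    for label, el in (("ACS", acs), ("SLO", slo)):
        if el is None:
            findings.append(f"{label}: endpoint missing")
        elif el.get("Binding") != REDIRECT:
            findings.append(f"{label}: binding is not HTTP-Redirect")
    if acs is not None:
        _check_url(acs.get("Location"), "/sso/saml2/UserAssertionService", "ACS", findings)
    if slo is not None:
        _check_url(slo.get("Location"), "/sso/saml2/LogoutService", "SLO", findings)
        _check_url(slo.get("ResponseLocation"), "/sso/saml2/LogoutServiceResponse",
                   "SLO response", findings)
    return findings

if __name__ == "__main__":
    print("\n".join(check_partnership(SAMPLE)) or "partnership matches steps 2-4")
```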