Initiate SAML 2.0 Single Sign-On at the Identity Provider

Configuration Guides › Federation Security Services Guide › Overview of a SiteMinder Federation Partnership Setup › Set Up Producing Authority Components › Create Links to Target Resources (optional) › Initiate SAML 2.0 Single Sign-On at the Identity Provider

Initiate SAML 2.0 Single Sign-On at the Identity Provider

If a user visits the Identity Provider before going to the Service Provider (POST or artifact binding), initiate an unsolicited response at the Identity Provider. To initiate an unsolicited response, the Federation Web Service application and assertion generator accept an HTTP Get request with a query parameter. This query parameter indicates the Service Provider ID for which the IdP generates the response.

For SAML 2.0 artifact or post profile, the syntax for the link is:

http://IdP_server:port/affwebservices/public/saml2sso?SPID=SP_ID

idp_server:port: Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
SP_ID: Service Provider ID value.

Add the ProtocolBinding query parameter to this link depending on which bindings are enabled.

Note: You do not need to HTTP-encode the query parameters.

You can also initiate single sign-on at the Service Provider.

More information:

Set Up Links at the IdP or SP to Initiate Single Sign-on

Unsolicited Response Query Parameters Used by a SiteMinder IdP

Email CA Technologies about this topic