If a user visits the Service Provider before visiting the Identity Provider, the user must be redirected to the Identity Provider. At the Service Provider, create an HTML page that contains hard-coded links to the AuthnRequest service. The AuthnRequest service, in turn, redirects the user to the Identity Provider to fetch the authentication context.
Note: The HTML page has to reside in an unprotected realm.
The hard-coded link that the user clicks at the Service Provider must contain certain query parameters. These parameters become part of an HTTP GET request to the AuthnRequest service. The AuthnRequest service is on the Policy Server at the Service Provider.
For SAML 2.0 (artifact or profile), the syntax for the link is:
http://SP_site/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID
SP_site: Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the SPS federation gateway.
IdP_ID: Specifies the identity assigned to the Identity Provider.
You can add the ProtocolBinding query parameter to this link depending on which bindings are enabled. For more information about configuring links at the Service Provider, see Set Up Links at the IdP or SP to Initiate Single Sign-on.
Note: You do not need to HTTP-encode the query parameters.
You can also create links at the Identity Provider.
Copyright © 2011 CA. All rights reserved.