Identity Provider-initiated SSO (POST or artifact binding)

If a user visits the Identity Provider before going to the Service Provider, the Identity Provider must generate an unsolicited response. To initiate an unsolicited response, create a hard-coded link that generates an HTTP GET request that includes a query parameter with the Service Provider ID. The Identity Provider generates an assertion response for this ID. The Federation Web Service application and the Assertion Generator must accept the GET request.

A user clicks the link you establish to initiate the unsolicited response.

To specify the use of artifact or POST profile in the unsolicited response, the syntax for the unsolicited response link is:

http://idp_server:port/affwebservices/public/saml2sso?SPID=SP_ID&ProtocolBinding=URI_for_binding

idp_server:port

Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.

SP_ID

Service Provider ID value.

URI_for_binding

Identifies the URI of the POST or Artifact binding for the ProtocolBinding element. The SAML 2.0 specification defines this URI.

The binding must also be specified in the SAML Service Provider properties for the unsolicited response to work.

Note the following:

Important! If you configure indexed endpoints for the Assertion Consumer Services, the ProtocolBinding query parameter overrides the binding you select for the Assertion Consumer Service.
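The following Python sketch is an added example, not part of the product or its documentation. It builds the unsolicited response link with both query values percent-encoded and audits existing hard-coded links against the syntax above. The function names, host names and SP IDs are hypothetical, and flagging a missing or repeated parameter is this example's own policy.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Binding URIs defined by the SAML 2.0 bindings specification.
BINDINGS = {
    "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}
SSO_PATH = "/affwebservices/public/saml2sso"  # path from the link syntax above


def build_link(idp_base, sp_id, binding):
    """Return the unsolicited response link with both values percent-encoded."""
    if binding not in BINDINGS:
        raise ValueError(f"unsupported binding: {binding!r}")
    query = urlencode({"SPID": sp_id, "ProtocolBinding": BINDINGS[binding]})
    return f"{idp_base.rstrip('/')}{SSO_PATH}?{query}"


def audit_link(link, known_sp_ids):
    """Return the problems found in a hard-coded link (empty list means clean)."""
    problems = []
    parts = urlsplit(link)
    if parts.path != SSO_PATH:
        problems.append(f"unexpected path {parts.path!r}")
    params = parse_qs(parts.query, keep_blank_values=True)
    # Assumption of this example: each parameter appears exactly once.
    for name in ("SPID", "ProtocolBinding"):
        count = len(params.get(name, []))
        if count != 1:
            problems.append(f"{name} must appear exactly once, found {count}")
    sp_id = params.get("SPID", [""])[0]
    if sp_id and sp_id not in known_sp_ids:
        problems.append(f"SPID {sp_id!r} is not a configured Service Provider")
    binding = params.get("ProtocolBinding", [""])[0]
    if binding and binding not in BINDINGS.values():
        problems.append(f"ProtocolBinding {binding!r} is not a POST or Artifact URI")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    known = {"sp1.example.com"}
    good = build_link("https://idp.example.com:443", "sp1.example.com", "POST")
    bad = "https://idp.example.com" + SSO_PATH + "?SPID=other&ProtocolBinding=POST"
    for link in (good, bad):
        print(link, audit_link(link, known) or "OK")
```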

More information:

Unsolicited Response Query Parameters Used by a SiteMinder IdP