Service Provider-initiated SSO (POST or artifact binding)

A user can visit the Service Provider first and then go to an Identity Provider. Therefore, create an HTML page at the Service Provider containing hard-coded links to its AuthnRequest service. The links in the HTML page redirect the user to the Identity Provider for authentication. The links also indicate what is in the AuthnRequest.

The hard-coded link that the user selects must contain specific query parameters. These parameters are part of the HTTP GET request to the AuthnRequest service at the Service Provider.

Note: The page with these hard-coded links has to reside in an unprotected realm.

To specify the use of artifact or profile binding for the transaction, the syntax for the link is:

http://SP_server/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID&ProtocolBinding=URI_of_binding

sp_server:port

Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the SPS federation gateway.

IdP_ID

Specifies the identity assigned to the Identity Provider.

URI_of_binding

Identifies the URI of the POST or Artifact binding for the ProtocolBinding element. The SAML 2.0 specification defines this URI.

A binding must also be enabled for the SAML authentication scheme for the request to work.
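The following added example (not part of the SiteMinder documentation) builds a link in the syntax above with both query values URL-encoded, then audits an HTML page so that every link to the AuthnRequest service carries exactly one ProviderID and one ProtocolBinding set to a SAML 2.0 binding URI. The function names, the host sp.example.com:80 and the IdP ID idp.example.org are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit
# Binding URIs defined by the SAML 2.0 specification.
BINDINGS = {
    "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}
SERVICE_PATH = "/affwebservices/public/saml2authnrequest"

def build_link(sp_server, idp_id, binding):
    """Build the hard-coded link; both query values are URL-encoded."""
    query = urlencode({"ProviderID": idp_id, "ProtocolBinding": BINDINGS[binding]})
    return f"http://{sp_server}{SERVICE_PATH}?{query}"

def check_link(url):
    """Return the problems found in one AuthnRequest link (empty list = OK)."""
    params = parse_qs(urlsplit(url).query)
    problems = []
    if len(params.get("ProviderID", [])) != 1:
        problems.append("ProviderID must appear exactly once")
    binding = params.get("ProtocolBinding", [])
    if len(binding) != 1:
        problems.append("ProtocolBinding must appear exactly once")
    elif binding[0] not in BINDINGS.values():
        problems.append("ProtocolBinding is not the POST or Artifact URI")
    return problems

class LinkAudit(HTMLParser):  # checks every <a href> to the AuthnRequest service
    def __init__(self):
        super().__init__()
        self.report = {}
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and urlsplit(href).path == SERVICE_PATH:
            self.report[href] = check_link(href)

def audit_page(html_text):
    audit = LinkAudit()
    audit.feed(html_text)
    return audit.report

# Constructed sample page; host names and IdP ID are placeholders.
GOOD = build_link("sp.example.com:80", "idp.example.org", "Artifact")
BAD = f"http://sp.example.com:80{SERVICE_PATH}?ProviderID=idp.example.org&ProtocolBinding=HTTP-POST"
SAMPLE_PAGE = f'<a href="{escape(GOOD)}">Log in</a>\n<a href="{escape(BAD)}">Broken</a>'

if __name__ == "__main__":
    print(audit_page(SAMPLE_PAGE))
```

The second sample link is flagged because HTTP-POST on its own is not the full binding URI.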

Note the following: