Federation Guides › Partnership Federation Guide › Partnership Creation and Activation › Single Sign-on Configuration (Relying Party)

Single Sign-on Configuration (Relying Party)

To configure single sign-on at the relying party, specify the SAML binding and the related aspects of how the relying party handles communication.

At the relying party, SiteMinder uses the skew time for the partnership to determine whether the assertion it receives is valid. Read more about assertion validity to understand how SiteMinder uses the configured skew time.

Follow these steps:

1. Begin at the appropriate step in the partnership wizard.

   SAML 1.1

   Single Sign-On

   SAML 2.0

   SSO and SLO

2. Configure the settings in the SSO section of the dialog. These settings let you control the following features:

   Single sign-on binding

   For SAML 2.0, you can select HTTP-Artifact and HTTP-POST. If the SP initiates single sign-on, it includes a query parameter in the request. This query parameter indicates the SSO binding to use. If no binding is specified, the default is POST. If the IdP initiates single sign-on, the IdP indicates the binding in use for that particular transaction.

   For SAML 2.0, you can configure these settings:

   • Remote SSO Service URLs
   • Remote SOAP Artifact URLs
   • Initiation of single sign-on from which partner
   • User consent requirement

   Note: Click Help for a description of fields, controls, and their respective requirements.

3. If you select HTTP-Artifact, configure the authentication method for the back channel in the Back Channel section of the dialog.

   Note: For SAML 2.0, configure the outgoing back channel.

Configuration for single sign-on is complete.

More information:

Enhanced Client or Proxy Profile (ECP)