

Enable the Enhanced Client or Proxy Profile

The Enhanced Client or Proxy Profile (ECP) is an application of the single sign-on profile. An ECP is a system entity that knows how to contact an Identity Provider. An ECP supports the Reverse SOAP (PAOS) binding to provide single sign-on for a user.

An enhanced client can be a browser or some other user agent that supports the ECP functionality. An enhanced proxy is an HTTP proxy, such as a Wireless Access Protocol proxy for a wireless device.

The ECP profile allows the Service Provider to make an authentication request without knowing the Identity Provider. PAOS lets the Service Provider obtain the assertion through the ECP, which is always directly accessible, unlike the Identity Provider. The ECP acts as the intermediary between the Service Provider and the Identity Provider.

Enable the ECP profile with single sign-on in the following situations:

The flow of the ECP profile is shown in the following illustration.

Graphic showing the flow of the Enhanced Client and Proxy Profile between the Identity Provider and Service Provider

To enable the ECP profile

  1. Direct the ECP request to the AuthnRequest service. The following URL shows an example:
    https://host:port/affwebservices/public/saml2authnrequest=
    
  2. The headers in the ECP request must include attributes that the SAML 2.0 specification requires, such as:
    Accept: text/html; application/vnd.paos+xml
    PAOS: ver='urn:liberty:paos:2003-08' ; 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'
    
  3. In the Administrative UI, navigate to the SAML 2.0 authentication scheme.
  4. Select SAML 2.0 Configuration, SSO.
  5. Fill out the required single sign-on fields on the SSO page.
  6. Select the Enhanced Client and Proxy Profile check box.
  7. Click OK.
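
Because the ECP sits between the Service Provider and the Identity Provider, it is the component that decides where the assertion is delivered. The following added example (not code from this documentation or from the product) shows the two checks an ECP makes on the messages it relays: that the SP answered with a PAOS envelope, and that the AssertionConsumerServiceURL named in the IdP's reply equals the responseConsumerURL the SP sent, a comparison the SAML 2.0 ECP profile requires. The function names, the hostname sp.example.com and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # stdlib parser for the demo; untrusted XML warrants a hardened one

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample of the SP's PAOS reply (trimmed; hostname is a placeholder).
SP_REPLY = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:paos="urn:liberty:paos:2003-08" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 <S:Header><paos:Request responseConsumerURL="https://sp.example.com/acs"
  service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/></S:Header>
 <S:Body><samlp:AuthnRequest ID="_constructed1" Version="2.0"/></S:Body>
</S:Envelope>"""

# Constructed template of the IdP's SOAP reply; %s is the URL the IdP names.
IDP_REPLY = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp">
 <S:Header><ecp:Response AssertionConsumerServiceURL="%s"/></S:Header>
 <S:Body/></S:Envelope>"""

def parse_sp_paos(content_type, body):
    """Return (responseConsumerURL, AuthnRequest element) from the SP's reply."""
    if content_type.split(";")[0].strip().lower() != "application/vnd.paos+xml":
        raise ValueError("SP did not answer with a PAOS envelope")
    env = ET.fromstring(body)
    paos_req = env.find("S:Header/paos:Request", NS)
    authn = env.find("S:Body/samlp:AuthnRequest", NS)
    if paos_req is None or authn is None or not paos_req.get("responseConsumerURL"):
        raise ValueError("PAOS envelope is missing the request header or AuthnRequest")
    return paos_req.get("responseConsumerURL"), authn

def consumer_url_for_delivery(sp_consumer_url, idp_reply):
    """Return the URL to post the IdP's response to, or refuse on a mismatch."""
    resp = ET.fromstring(idp_reply).find("S:Header/ecp:Response", NS)
    if resp is None:
        raise ValueError("IdP reply has no ecp:Response header")
    acs = resp.get("AssertionConsumerServiceURL")
    if acs != sp_consumer_url:  # exact comparison; never deliver to a URL only the IdP named
        raise ValueError("consumer URL mismatch: %r != %r" % (acs, sp_consumer_url))
    return acs
```

On a mismatch the ECP does not forward the response; the profile has it return a SOAP fault to the Service Provider instead.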