The Enhanced Client or Proxy Profile (ECP) is an application for single sign-on. An enhanced client is a browser or some other user agent that supports the ECP functionality. An enhanced proxy is an HTTP proxy, such as a Wireless Access Protocol proxy for a wireless device.
The ECP profile enables single sign-on when the Identity Provider and Service Provider cannot communicate directly. The ECP acts as the intermediary between the Service Provider and the Identity Provider.
In addition to acting as an intermediary, the ECP profile is useful in the following situations:
You are responsible for obtaining or developing an ECP application. CA SiteMinder® only processes the ECP requests and only responds to the ECP application in keeping with the SAML requirements.
The flow of the ECP profile is shown in the following illustration.
In an ECP communication, a user requests access to an application, for example, from a mobile phone. The application resides at the Service Provider and the identity information for the user resides at the Identity Provider. The Service Provider and Identity Provider do not communicate directly.
The flow of the call is as follows:
The ECP entity is always directory accessible, unlike the Identity Provider.
Single sign-on proceeds and the user gains access to the application.
To configure ECP, enable the feature at the Identity Provider and the Service Provider. The following procedure is for a CA SiteMinder® Identity Provider.
Follow these steps:
The Identity Provider can now process ECP calls.
Note: A single Service Provider object can handle artifact, POST, SOAP, and PAOS bindings for single sign-on requests. SOAP and PAOS are the bindings for the ECP profile. The Identity Provider and Service Provider determine the binding being used based on the parameters in a request.
To configure ECP, you must enable the feature at the Identity Provider and the Service Provider. The following procedure is for a Service Provider.
Follow these steps:
https://host:port/affwebservices/public/saml2authnrequest
The Service Provider can now process ECP calls.
Note: A single Service Provider object can handle artifact, POST, SOAP, and PAOS bindings for single sign-on requests. SOAP and PAOS are the bindings for the ECP profile. The Identity Provider and Service Provider determine the binding being used based on the parameters in a request.
Copyright © 2014 CA.
All rights reserved.
|
|