

Single Sign-on Configuration (Relying Party)

To configure single sign-on at the relying party, specify the SAML binding and the other related SSO settings.

At the relying party, the system uses the skew time for the partnership to determine whether the assertion it receives is valid. To understand how the system uses the configured skew time, read more about assertion validity.

The procedure that follows offers the basic steps to enable single sign-on. Details about all the configurable features in the sign-on dialog are described in subsequent topics and in the Administrative UI help.

Follow these steps:

  1. Begin at the appropriate step in the partnership wizard.

    - SAML 1.1: Single Sign-On
    - SAML 2.0: SSO and SLO
    - WS-Federation: Single Sign-On and Sign-Out

  2. Configure the settings in the SSO section of the dialog. These settings let you control the single sign-on binding.

    Note: Click Help for a description of fields, controls, and their respective requirements.

    For SAML, configure the HTTP-Artifact or the HTTP-POST profile. If the relying party initiates single sign-on, it includes a query parameter in the request. This query parameter indicates the SSO binding to use. If no binding is specified, the default is POST. If the asserting party initiates single sign-on, the asserting party indicates the binding in use for that particular transaction.

  3. (Optional) For SAML 2.0, you can configure these settings:

    Note: Click Help for a description of fields, controls, and their respective requirements.

  4. If you select the HTTP-Artifact profile, configure the authentication method for the back channel in the Back Channel section of the dialog.
  5. For the remaining settings, accept the defaults.

The basic settings for single sign-on are complete. Other settings are available for SSO. Click Help for the field descriptions.