Federation Guides › Partnership Federation Guide › Getting Started with a Simple Partnership › Set Up the Artifact Profile for SSO

Set Up the Artifact Profile for SSO

The basic partnership began with HTTP-POST binding for single sign-on. However, your partnership can use the SAML 2.0 Artifact profile.

The configuration for the HTTP-Artifact binding is the same as the configuration for POST binding, until the SSO and SLO steps in the wizard.

Configure Artifact SSO at the IdP

This procedure shows you how to configure the HTTP-Artifact profile for SSO.

Follow these steps:

1. From the Administrative UI, Select Federation, Partnership Federation, Partnerships.

   The Partnerships window displays.

2. Select Action, Deactivate next to the entry for TestPartnership.

   Deactivation is required before editing.

3. Click Action, Modify next to the entry for TestPartnership.

   The partnership wizard opens.

4. Click the SSO and SLO step.
5. Keep the existing settings in the Authentication section.
6. In the SSO section, specify the following entries:

   SSO Binding

   HTTP-Artifact

   Artifact Protection Type

   Partnership

   Leave the remaining settings as is.

7. Add a row to the Assertion Consumer Service URLs table and use the following settings:

   Binding

   HTTP-Artifact

   URL

   http://sp1.demo.com:9091/affwebservices/public/saml2assertionconsumer

   This URL is the same one used for the POST profile.

8. In the Back Channel section, select the following authentication method for the Incoming Configuration:

   Authentication Method

   No Auth

9. Skip the other sections in the dialog.
10. Go to the Confirm step and review the configuration.
11. Click Finish to complete the configuration.

Artifact binding is now configured at Idp1.

Configure Artifact SSO at the SP

This procedure shows you how to configure the HTTP-Artifact profile for SSO.

Follow these steps:

1. Select Federation, Partnership Federation, Partnerships.

   The Partnerships window displays.

2. Select Action, Deactivate next to the entry for Demo Partnership.

   Deactivation is required before editing.

3. Click Action, Modify next to the DemoPartnership entry.

   The partnership wizard opens.

4. Click the SSO and SLO step.
5. In the SSO section, specify the following entries:

   SSO Profile

   HTTP-Artifact

   SSO Service URL

   Keep the same URL that was configured for HTTP-POST single sign-on.

6. Click Add Row in the Remote SOAP Artifact Resolution URLs table. Enter the following settings:

   Index

   1

   URL

   http://idp1.example.com:9090/affwebservices/public/saml2ars

7. Select this entry in the Select column of the table.
8. In the Back Channel section, select the following authentication method for the Outgoing Configuration:

   Authentication Method

   No Auth

9. Click Next until you reach the Application Integration step.

Specify the Target at the SP

The Application Integration step is where you specify the target resource and how CA SiteMinder® redirects the user to the target resource.

Follow these steps:

1. Select No Data for the Redirect Mode field.
2. Specify the target resource at the SP in the Target field.

   In this sample partnership, this target is:

   http://spapp.demo.com:80/spsample/welcome.html

3. Ignore the remaining sections of the dialog.
4. Click Next to move to the Confirm step.