When each side of the partnership is operating, test single sign-on between the two partners.
When IdP1 receives the request, it generates the artifact. The artifact is then sent to the SP1.
After SP1 receives the artifact, it redirects the request back to IdP1. The IdP retrieves the assertion and returns it to SP1.
For testing purposes, create your own html page with a link that initiates single sign-on. You can initiate single sign-on from the IdP or SP. This example illustrates SP-initiated single sign-on.
Follow these steps:
<a href="http://sp1.demo.com:9091/affwebservices/public/
saml2authnrequest?ProviderID=idp1.example.com:9090&
ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact>
Link for ARTIFACT Single Sign-on</a>
This link instructs the AuthnRequest Service to redirect the user to the specified Identity Provider to retrieve the user authentication context.
For this sample network, the target web server is http://spapp.demo:80.
The last step that is required to test single sign-on is to create a target resource.
Follow these steps:
<p>Welcome to SP1</p>
<p>Single Sign-on is successful</p>
For this sample network, the target web server is http://spapp.demo.com:80.
After you have set up the sample web pages, test single sign-on and verify that the partnership configuration is successful.
Follow these steps:
http://spapp.demo.com:80/spsample/testartifact.html
Note: The target web server is a different server than the one where CA SiteMinder® resides.
When entering the URL, a page is displayed with a link that reads Link to Test ARTIFACT Single Sign-on.
The user is redirected from the SP to the Identity Provider.
After the Identity Provider establishes a session, it directs the user back to the target resource at the Service Provider, which is welcome.html. You see the sample welcome page that you created at the SP. The displayed page lets you know single sign-on was successful.
|
Copyright © 2013 CA.
All rights reserved.
|
|