CA SiteMinder® Federation Standalone Guide › Getting Started with a Simple Partnership › Test the Partnership (POST Profile)

Test the Partnership (POST Profile)

After the partnership is configured, test single sign-on between the two partners.

Testing involves:

• Creating a web page to initiate single sign-on.
• Creating a target web page that serves as the requested federated resource.
• Testing single sign-on.

After you test the basic partnership, you can make more changes to the sample configuration.

Create a Web Page to Initiate Single Sign-on

For testing purposes, create your own html page with a link that initiates single sign-on. You can initiate single sign-on from the IdP or SP. This example illustrates SP-initiated single sign-on.

Follow these steps:

1. Create the sample HTML page at the SP site. Include a hard-coded link to the AuthnRequest service at the SP, as follows:

   <a href="http://sp1.demo.com:9091/affwebservices/public/
   saml2authnrequest?ProviderID=idp1.example.com>
   Link to Test POST Single Sign-on</a>

   This link instructs the AuthnRequest Service to redirect the user to the specified Identity Provider to retrieve the authentication context.

2. Save the web page under the name testsso.html.
3. Copy testsso.html to the web server document root directory, under a subfolder named /spsample.

   For this sample network, the target web server is http://spapp.demo:80.

Create a Target Resource

The last step that is required to test single sign-on is to create a target resource.

Follow these steps:

1. Create the sample HTML page at the SP site and include a message, such as:

   <p>Welcome to SP1</p>

   <p>Single Sign-on is successful</p>

2. Save the web page under the name welcome.html.
3. Copy welcome.html to the web server document root directory, under the subfolder /spsample.

   For this sample network, the target web server is http://spapp.demo.com:80.

Test POST Single Sign-on

After you have set up the sample web pages, test single sign-on and verify that that partnership configuration is successful.

Follow these steps:

1. Be sure that both sides of the partnership are activated in the Administrative UI.
2. Open up a browser.
3. Enter the URL for the web page that includes the link to trigger single sign-on. For this example, enter the following url:

   http://spapp.demo.com:80/spsample/testsso.html

   Note: In this sample network, CA SiteMinder® Federation Standalone is deployed in standalone mode, therefore, the target web server is a different server than the one where CA SiteMinder® Federation Standalone resides.

   Upon entering the URL, a page appears with a link that reads Link to Test POST Single Sign-on.

4. Click Link to Test POST Single Sign-on.

   Single sign-on is initiated. The user is redirected from the AuthnRequest Service at the SP to the Single Sign-on Service at the Identity Provider.

After the Identity Provider authenticates the user and establishes a session, it directs the user back to the target resource at the Service Provider, which is welcome.html. The sample welcome page that you created at the SP, lets you know the single sign-on was successful.