When configuring single sign-on at the Identity Provider, you can configure more than one endpoint for the Assertion Consumer Service, the service that enables a Service Provider to consume a SAML assertion. Each endpoint you configure is assigned a unique index value, which identifies it in place of a single, explicit Assertion Consumer Service URL. The Service Provider can include the assigned index in the request for an assertion that it sends to the Identity Provider. This lets you use a different Assertion Consumer Service at the Service Provider for each protocol binding (Artifact or POST).
In the Policy Management API, you can, for example, add a new Assertion Consumer Service to the Service Provider programmatically by calling the Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP() function as follows:
    iSmApiRetCode = Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP(pSmApiSessionHandle, &structSAMLSPACS2, pszOid);
Parameters:
In addition, the API includes a function to remove an Assertion Consumer Service and a function to retrieve all the Assertion Consumer Services defined in the Service Provider object. The C Policy Management API sample program, smpolicyapiexample.cpp, shows how these functions are implemented.
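How an Identity Provider could resolve the index described at the top of this page, as an added example that is not taken from the Policy Management API or from smpolicyapiexample.cpp. The types, function names and URLs are hypothetical; the rule that an index and an explicit URL cannot appear in the same request comes from the SAML 2.0 core specification.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical types for illustration; not the Policy Management API structures.
enum class Binding { Artifact, Post };

struct AcsEndpoint {
    Binding binding;
    std::string url;
    bool isDefault;
};

// Index -> endpoint table the Identity Provider holds for one Service Provider.
typedef std::map<unsigned, AcsEndpoint> AcsTable;

// Constructed sample data: one endpoint per protocol binding.
AcsTable sampleTable() {
    AcsTable t;
    t[0] = AcsEndpoint{Binding::Post, "https://sp.example.com/acs/post", true};
    t[1] = AcsEndpoint{Binding::Artifact, "https://sp.example.com/acs/artifact", false};
    return t;
}

// Pick the endpoint for one AuthnRequest. A null pointer means the attribute
// was absent from the request. Returns nullptr when the request is rejected.
const AcsEndpoint* resolveAcs(const AcsTable& table,
                              const unsigned* requestedIndex,
                              const std::string* requestedUrl) {
    // SAML 2.0 core: the index is mutually exclusive with an explicit URL.
    if (requestedIndex && requestedUrl) return nullptr;
    if (requestedIndex) {
        // Unknown index: reject rather than fall back to another endpoint.
        auto it = table.find(*requestedIndex);
        return it == table.end() ? nullptr : &it->second;
    }
    for (auto it = table.begin(); it != table.end(); ++it) {
        const AcsEndpoint& ep = it->second;
        // Explicit URL: exact match against a registered endpoint only.
        // No attribute at all: use the endpoint marked as default.
        if (requestedUrl ? ep.url == *requestedUrl : ep.isDefault) return &ep;
    }
    return nullptr;
}

int main() {
    AcsTable table = sampleTable();
    unsigned idx = 1;
    const AcsEndpoint* ep = resolveAcs(table, &idx, nullptr);
    std::printf("%s\n", ep ? ep->url.c_str() : "rejected");
    return 0;
}
```

Because the assertion is only ever sent to an endpoint already present in the table, a request cannot steer it to a location the Service Provider has not registered.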
Copyright © 2010 CA. All rights reserved.