Create Links to Consumer Resources for Single Sign-on

Federation Security Services Guide › Identify Consumers at a SAML 1.x Producer › Create Links to Consumer Resources for Single Sign-on

Create Links to Consumer Resources for Single Sign-on

At the producer, create pages that contain links that direct the user to the consumer site. Each link represents an intersite transfer URL. The user has to visit the intersite transfer URL, which makes a request to the producer-side Web Agent before the user is redirected to the consumer site.

For SAML artifact profile, the syntax for the intersite transfer URL is:

http://producer_site/affwebservices/public/intersitetransfer?SMASSERTIONREF=QUERY&NAME=
affiliate_name&TARGET=http://consumer_site/target_url?query_parameter_name%
3Dquery_parameter_value%26query_parameter_name%3Dquery_parameter_value&SMCONSUMERURL=
http://consumer_site/affwebservices/public/samlcc&AUTHREQUIREMENT=2

For SAML POST profile, the syntax for the intersite transfer URL is:

http://producer_site/affwebservices/public/intersitetransfer?SMASSERTIONREF=QUERY&NAME=
affiliate_name&TARGET=http://consumer_site/target_url

The variables in the intersite transfer URLs are as follows:

producer_site
Specifies the web site where the user is authenticated
affiliate_name
Indicates the name of an affiliate configured in an affiliate domain.
consumer_site
Indicates the site the user wants to visit from the producer site.
target_url
Target page at the consumer site.

The intersite transfer URLs that the user selects must contain the query parameters listed in the table that follows. These parameters are supported by an HTTP GET request to the producer Web Agent.

Note: Query parameters for the SAML artifact profile must use HTTP-encoding.

Query Parameter	Meaning
SMASSERTIONREF (required)	For internal use. The value will always be QUERY. Do not change this value.
NAME (required)	Name of an affiliate configured in an affiliate domain.
TARGET (required)	The target URL at the consumer site.
SMCONSUMERURL (required only for artifact profile)	The URL at the consumer site processes the assertion and authenticates the user. For SAML 1.x artifact binding, if a value is specified for the Assertion Consumer URL, it takes precedence over the value of this query parameter.
AUTHREQUIREMENT=2 (required only for artifact profile)	For internal use. The value will always be 2. Do not change this value.

Note: The SMCONSUMERURL and AUTHREQUIREMENT parameters are not used by SAML POST profile; however, if you include one of these parameters in the intersite transfer URL you must also include the other.

Example of an intersite transfer URL for the artifact profile:

http://www.smartway.com/affwebservices/public/intersitetransfer?SMASSERTIONREF=QUERY&NAME
=ahealthco&TARGET=http://www.ahealthco.com:85/smartway/index.jsp&SMCONSUMERURL=
http://www.ahealthco.com:85/affwebservices/public/samlcc&AUTHREQUIREMENT=2

Example of an intersite transfer URL for the POST profile:

http://www.smartway.com/affwebservices/public/intersitetransfer?SMASSERTIONREF
=QUERY&NAME=ahealthco&TARGET=http://www.ahealthco.com/index.html

Email CA about this topic