Initiate SAML 2.0 Single Sign-On at the Identity Provider

If a user visits the Identity Provider before going to the Service Provider (POST or artifact binding), the Identity Provider must initiate an unsolicited response. To initiate an unsolicited response, the Federation Web Service application and assertion generator accept an HTTP GET request with a query parameter that identifies the Service Provider ID for which the IdP will generate the response.

For the SAML 2.0 artifact or POST profile, the syntax for the link is:

http://IdP_server:port/affwebservices/public/saml2sso?SPID=SP_ID

You may need to add the ProtocolBinding query parameter to this link depending on which bindings are enabled.

Note: You do not need to HTTP-encode the query parameters.

You can also initiate single sign-on at the Service Provider.

More information:

Set Up Links at the IdP or SP to Initiate Single Sign-on

Unsolicited Response Query Parameters Used by a SiteMinder IdP


Copyright © 2010 CA. All rights reserved.