If a user visits the Identity Provider before going to the Service Provider (POST or artifact binding), the Identity Provider must initiate an unsolicited response. To initiate an unsolicited response, the Federation Web Service application and assertion generator accept an HTTP GET request with a query parameter that indicates the Service Provider ID for which the IdP will generate the response.
For the SAML 2.0 artifact or POST profile, the syntax for the link is:
http://IdP_server:port/affwebservices/public/saml2sso?SPID=SP_ID
IdP_server:port
    Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.
SP_ID
    Service Provider ID value.
You may need to add the ProtocolBinding query parameter to this link depending on which bindings are enabled.
Note: You do not need to HTTP-encode the query parameters.
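The following Python sketch is an added example, not CA code: it builds the link in the syntax above and audits a link (for instance one found on a portal page) against the Service Provider IDs configured at the IdP. The host name, the SP IDs and the function names are constructed for illustration, and the ProtocolBinding values are assumed to be the standard SAML 2.0 binding URNs, which this page does not list.

```python
from urllib.parse import urlsplit, parse_qs

SSO_PATH = "/affwebservices/public/saml2sso"  # path from the link syntax above
# Assumption: ProtocolBinding takes the standard SAML 2.0 binding URNs.
BINDINGS = {
    "post": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}
# Constructed sample data: SP IDs configured at this IdP (hypothetical names).
KNOWN_SP_IDS = {"sp1.example.com", "sp2.example.com"}


def build_sso_link(idp_origin, sp_id, binding=None):
    """Build the unsolicited-response link for one configured Service Provider."""
    if sp_id not in KNOWN_SP_IDS:
        raise ValueError(f"unknown Service Provider ID: {sp_id!r}")
    link = f"{idp_origin}{SSO_PATH}?SPID={sp_id}"  # value is not HTTP-encoded
    if binding is not None:
        link += f"&ProtocolBinding={BINDINGS[binding]}"
    return link


def audit_sso_link(link):
    """Return the problems found in a link; an empty list means none."""
    parts = urlsplit(link)
    if parts.path != SSO_PATH:
        return ["not an unsolicited-response link"]
    query = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    # Only the two parameters named on this page are accepted here;
    # extend the set if the deployment uses others.
    for name in sorted(set(query) - {"SPID", "ProtocolBinding"}):
        problems.append(f"unexpected parameter {name}")
    sp_ids = query.get("SPID", [])
    if len(sp_ids) != 1:
        problems.append("expected exactly one SPID parameter")
    elif sp_ids[0] not in KNOWN_SP_IDS:
        problems.append(f"unknown SPID {sp_ids[0]}")
    bindings = query.get("ProtocolBinding", [])
    if len(bindings) > 1 or any(b not in BINDINGS.values() for b in bindings):
        problems.append("unrecognised ProtocolBinding")
    return problems


if __name__ == "__main__":
    origin = "http://idp.example.com:80"  # constructed IdP_server:port
    good = build_sso_link(origin, "sp1.example.com", "post")
    print(good, audit_sso_link(good))
    print(audit_sso_link(origin + SSO_PATH + "?SPID=other.example.net"))
```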
You can also initiate single sign-on at the Service Provider.
Copyright © 2010 CA. All rights reserved.