Previous Topic: Enable the Artifact Binding for SAML Authentication at the SP

Next Topic: Include an Attribute in the Assertion

Test SP-Initiated Artifact Single Sign-on

To test single sign-on in an FSS-to-FSs network, you can use the web pages included with the FSS sample application, provided you have previously run the FSS sample application script. If you do not run the FSS sample application, you have to use your own web pages to test single sign-on.

The sample application web pages are located in the following two folders.

policy_server_home/samples/federation/content/idpsample
policy_server_home/samples/federation/content/spsample

Important! If you have run the sample application, the idpsample and spsample folders are automatically copied into your web server's document root directory.

If you choose to use your own HTML page, it must contain a hard-coded link to the AuthnRequest service. For this deployment, the link for Artifact binding is:

http://<server:port>/affwebservices/public/saml2authnrequest?ProviderID=
IdP_ID&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

where server:port is the name and port of the server at the SP where the Web Agent Option Pack is installed and IdP_ID is the provider ID.

The link for this deployment is:

http://www.sp.demo:81/affwebservices/public/saml2authnrequest?ProviderID=
idp.demo&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

The HTML source file with the link might look like the following:

<a href="http://www.sp.demo:81/affwebservices/public/saml2authnrequest?ProviderID=
idp.demo&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
Link for ARTIFACT Single Sign-on</a>

The AuthnRequest Service redirects the user to the Identity Provider specified in the link to retrieve the user's authentication context. After the Identity Provider authenticates the user and establishes a session, it directs the user back to the target resource at the Service Provider.

Note: The ProviderID in the Authnrequest link must match the IdP ID field value specified by the SAML authentication scheme at the SP. The IdP ID field is located on the Scheme Setup tab of the Authentication Scheme Properties dialog.

You should now be ready to test single sign-on. Follow the steps to test SP-initiated single sign-on.


Copyright © 2010 CA. All rights reserved. Email CA about this topic