Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Set Up the Service Provider › Configure the SAML 2.0 Authentication Scheme at the SP

Configure the SAML 2.0 Authentication Scheme at the SP

To authenticate users at the Service Provider, configure the SAML 2.0 authentication scheme. The assertion from the IdP provides the credentials for authentication.

To configure the SAML 2.0 authentication scheme

1. Log into the FSS Administrative UI.
2. From the menu bar, select Edit, System Configuration, Create Authentication Scheme.

   The Authentication Scheme Properties dialog opens.

3. Complete the following fields:

   Scheme Common Setup group box:

   • Name

     Partner IDP.demo Auth Scheme

   • Authentication Scheme Type

     SAML 2.0 Template

   • Protection Level

     5 (default)

   Scheme Setup tab fields:

   • SP ID

     sp.demo

   • IdP ID

     idp.demo

   • SAML Version

     2.0 (default)

   • Skew Time

     30 (default)

   Note: The SP ID and IdP ID values must match those at the IdP.

4. In the D-Sign Info box, select the Disable Signature Processing checkbox.

   Important! Disabling signing is intended only for debugging the initial single sign-on configuration. In a production environment, signature processing is a mandatory security requirement so signature validation must be enabled and the key store must be set up to validate signatures.

5. Click Additional Configuration.

   The SAML 2.0 Auth. Scheme Properties dialog opens.

6. Leave the Authentication Scheme Properties dialog open and Configure User Disambiguation at the SP.