Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Set Up the Service Provider › Specify the POST Binding Authentication at the SP

Specify the POST Binding Authentication at the SP

For the authentication scheme, you must indicate the single sign-on binding to be used so the Service Provider knows how to communicate with the Identity Provider.

To select a single sign-on binding at the SP

1. Select the SSO tab from the SAML 2.0 Auth Scheme Properties dialog.
2. Complete the following fields:
   • Redirect Mode

     302 Cookie Data (default)

     User is redirected via an HTTP 302 redirect with a session cookie, but no other data.

   • SSO Service

     http://www.idp.demo:80/affwebservices/public/saml2sso
     

   • Audience

     sp.demo

     This value must match the value at the Identity Provider.

   • Target

     http://www.sp.demo:81/spsample/protected/target.jsp
     

     If you begin the Target with http, enter the full path to the resource. The target must be protected by a SiteMinder policy that uses the SAML 2.0 authentication scheme.

3. Check the HTTP-POST check box.
4. Deselect the Enforce Single Use Policy check box.

   Unchecking this box makes the sample network non-compliant with SAML 2.0. If you want to enable the use of the single use policy feature you must set up a session store at the Service Provider.

5. Click OK until you exit the authentication scheme dialog.
6. Keep the Policy Server User Interface open and Protect the Target Resource Using SAML 2.0 Authentication.