Select the Artifact Binding at the IdP

For artifact single sign-on, you need to enable the artifact binding.

To configure artifact single sign-on

  1. Log in to the FSS Administrative UI.
  2. From the Domains tab, expand Federation Sample Partners and select SAML Service Providers to display the Service Providers.
  3. Select sp.demo and right-click to open its properties dialog.
  4. Select the SSO tab.
  5. Complete the following fields:
  6. Select the HTTP-Artifact check box.
  7. For the Artifact encoding, select URL.

    The artifact will be added to a URL-encoded query string.

  8. Complete the password fields:

    This is the password that sp.demo will use to access the Federation Web Services application at the Identity Provider. This value must also match the value at the Service Provider.

  9. For the Authentication Level, Validity Duration, and AuthnContext Class Ref fields, accept the defaults.

    In a test environment, you may want to increase the Validity Duration value above 60, the default, if you see the following message in the Policy Server trace log:

    Assertion rejected (_b6717b8c00a5c32838208078738c05ce6237) – current time (Fri Sep 09 17:28:33 EDT 2005) is after SessionNotOnOrAfter time (Fri Sep 09 17:28:20 EDT 2005)
    
  10. Click OK.
  11. Add a CA Certificate to the Smkeydatabase at the SP.
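
To size the increase suggested in step 9, the rejection message can be parsed to see how late the assertion arrived. The Python below is an added example, not CA's code; it assumes Validity Duration is in seconds and that SessionNotOnOrAfter moves second-for-second with it, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the trace-log message quoted in step 9, plus one unrelated line.
SAMPLE_LOG = """\
[constructed] Processing artifact response for sp.demo
Assertion rejected (_b6717b8c00a5c32838208078738c05ce6237) – current time (Fri Sep 09 17:28:33 EDT 2005) is after SessionNotOnOrAfter time (Fri Sep 09 17:28:20 EDT 2005)
"""

DEFAULT_VALIDITY = 60  # default Validity Duration from the page (unit assumed: seconds)

_TS = r"\w{3} (\w{3}) (\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\w+) (\d{4})"
_REJECT = re.compile(
    r"Assertion rejected \((?P<id>[^)]+)\) [-\u2013] current time \((?P<now>[^)]+)\) "
    r"is after SessionNotOnOrAfter time \((?P<limit>[^)]+)\)"
)
_MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def parse_stamp(text):
    """Parse a 'Fri Sep 09 17:28:33 EDT 2005' stamp into (naive datetime, zone)."""
    m = re.fullmatch(_TS, text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    mon, day, hh, mm, ss, zone, year = m.groups()
    return datetime(int(year), _MONTHS[mon], int(day), int(hh), int(mm), int(ss)), zone


def find_expired_assertions(log_text, validity=DEFAULT_VALIDITY):
    """Return one dict per rejection: assertion id, seconds late, smallest passing value."""
    results = []
    for m in _REJECT.finditer(log_text):
        now, zone_now = parse_stamp(m["now"])
        limit, zone_limit = parse_stamp(m["limit"])
        if zone_now != zone_limit:
            # Abbreviations such as EDT are ambiguous; do not guess an offset.
            raise ValueError("timestamps use different zone abbreviations")
        late = int((now - limit).total_seconds())
        # Assumption: each extra second of validity moves SessionNotOnOrAfter by one second.
        results.append({"id": m["id"], "late_seconds": late,
                        "min_validity": validity + late + 1})
    return results


if __name__ == "__main__":
    for r in find_expired_assertions(SAMPLE_LOG):
        print(r)
```

For the message quoted in step 9 it reports 13 seconds late and 74 as the smallest passing value. A lateness much larger than a request round trip points to clock drift between the IdP and SP hosts rather than a short validity window.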


Copyright © 2010 CA. All rights reserved.