If a user visits the Service Provider first (POST or artifact binding) before visiting the Identity Provider, you have to create an HTML page at the Service Provider that contains hard-coded links to the Service Provider's AuthnRequest Service, which in turn redirects the user to the Identity Provider to fetch the authentication context. The page with the HTML link to the Identity Provider has to reside in an unprotected realm.
The hard-coded link that the user clicks at the Service Provider must carry certain query parameters. The AuthnRequest service at the Service Provider's Policy Server accepts these parameters in an HTTP GET request.
For SAML 2.0 (artifact or POST profile), the syntax for the link is:
http://SP_site/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID
SP_site: Specifies the server and port number at the Service Provider that is hosting the Web Agent Option Pack or the SPS federation gateway.
IdP_ID: Specifies the identity assigned to the Identity Provider.
You may need to add the ProtocolBinding query parameter to this link depending on which bindings are enabled. For details on configuring links at the Service Provider and a sample link, see Set Up Links at the IdP or SP to Initiate Single Sign-on.
Note: You do not need to HTTP-encode the query parameters.
You can also create links at the Identity Provider.
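The following is an added example, not part of the product documentation: it assembles the SP-initiated link described above and checks an existing link for the required path and ProviderID parameter before it is placed on the unprotected page. The two ProtocolBinding values are the standard SAML 2.0 HTTP-POST and HTTP-Artifact binding URIs; that the AuthnRequest service accepts exactly these values is an assumption, and the host and IdP identifier in the usage call are constructed sample values.

```python
from urllib.parse import urlsplit, parse_qsl

# SAML 2.0 binding identifiers from the OASIS SAML 2.0 Bindings specification.
# Assumption: the AuthnRequest service accepts these as ProtocolBinding values.
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
AUTHNREQUEST_PATH = "/affwebservices/public/saml2authnrequest"


def build_sp_link(sp_site, idp_id, protocol_binding=None):
    """Assemble the hard-coded link for the unprotected SP page.

    The documentation states that the query parameters need not be
    HTTP-encoded, so the values are concatenated exactly as given.
    """
    url = f"http://{sp_site}{AUTHNREQUEST_PATH}?ProviderID={idp_id}"
    if protocol_binding:
        url += f"&ProtocolBinding={protocol_binding}"
    return url


def check_sp_link(url):
    """Return a list of problems found in a link; an empty list means it is well formed."""
    problems = []
    parts = urlsplit(url)
    if parts.path != AUTHNREQUEST_PATH:
        problems.append(f"path is {parts.path!r}, expected {AUTHNREQUEST_PATH!r}")
    # keep_blank_values so an empty 'ProviderID=' is reported instead of silently dropped
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if not params.get("ProviderID"):
        problems.append("ProviderID query parameter is missing or empty")
    binding = params.get("ProtocolBinding")
    if binding is not None and binding not in (HTTP_POST, HTTP_ARTIFACT):
        problems.append(f"ProtocolBinding {binding!r} is not the HTTP-POST or HTTP-Artifact URI")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real hosts.
    link = build_sp_link("sp.example.com:8080", "https://idp.example.com/saml", HTTP_POST)
    print(link)
    print("problems:", check_sp_link(link))
```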
Copyright © 2010 CA. All rights reserved.