Identity Provider-initiated SSO (POST or artifact binding)

If a user visits the Identity Provider before going to the Service Provider, the Identity Provider must initiate an unsolicited response. To initiate an unsolicited response, create a hard-coded link that generates an HTTP GET request that the Federation Web Service application and the Assertion Generator accept. This HTTP GET request must contain a query parameter that provides the ID of the Service Provider for which the Identity Provider needs to generate the SAML assertion response. A user clicks this link to initiate the unsolicited response.

To specify whether the unsolicited response uses the artifact or POST profile, use the following syntax for the unsolicited response link:

http://idp_server:port/affwebservices/public/saml2sso?SPID=SP_ID&ProtocolBinding=URI_for_binding

The binding must also be specified in the SAML Service Provider properties for the unsolicited response to work.

Note the following:

Important! If you configure indexed endpoint support for Assertion Consumer Services, the binding you choose for the Assertion Consumer Service is overridden by the value of the ProtocolBinding query parameter in the link for an unsolicited response.
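
The following Python example is added here and is not part of the CA documentation. It builds a link in the syntax above and checks an existing link against the rule that the binding named in ProtocolBinding must also be enabled in the Service Provider properties. The host names, the SP_BINDINGS table, and the function names are constructed for illustration; the two binding URIs are the ones defined by the SAML 2.0 bindings specification.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Binding URIs defined by the SAML 2.0 bindings specification.
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
SSO_PATH = "/affwebservices/public/saml2sso"  # path from the link syntax above

# Constructed sample data (assumption): SP ID -> bindings enabled in that
# Service Provider's properties at the IdP.
SP_BINDINGS = {
    "sp.example.com": {POST},
    "partner.example.org": {POST, ARTIFACT},
}

def build_link(idp_base, sp_id, binding):
    """Build the unsolicited response link, percent-encoding both values."""
    if binding not in SP_BINDINGS.get(sp_id, set()):
        raise ValueError(f"{binding} is not enabled for SP {sp_id!r}")
    query = urlencode({"SPID": sp_id, "ProtocolBinding": binding})
    return f"{idp_base.rstrip('/')}{SSO_PATH}?{query}"

def check_link(link):
    """Return the problems found in an existing link (empty list if none)."""
    parts = urlsplit(link)
    params = parse_qs(parts.query)
    sp_ids = params.get("SPID", [])
    bindings = params.get("ProtocolBinding", [])
    sp_id = sp_ids[0] if len(sp_ids) == 1 else None
    problems = []
    if parts.path != SSO_PATH:
        problems.append("unexpected path")
    if sp_id is None:
        problems.append("SPID missing or repeated")
    elif sp_id not in SP_BINDINGS:
        problems.append("unknown SPID")
    if len(bindings) != 1:
        problems.append("ProtocolBinding missing or repeated")
    elif bindings[0] not in (POST, ARTIFACT):
        problems.append("not a POST or artifact binding URI")
    elif sp_id in SP_BINDINGS and bindings[0] not in SP_BINDINGS[sp_id]:
        problems.append("binding not enabled in SP properties")
    return problems

if __name__ == "__main__":
    link = build_link("http://idp.example.com:8080", "sp.example.com", POST)
    print(link, check_link(link))
```

Because the ProtocolBinding value overrides the binding chosen for an indexed Assertion Consumer Service, running check_link over every published link shows which binding each one will actually request.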

More information:

Unsolicited Response Query Parameters Used by a SiteMinder IdP


Copyright © 2010 CA. All rights reserved.