Federation Security Services GuideIdentify WS-Federation Resource Partners at the Account PartnerSet Up Links to Initiate WS-Federation Single Sign-on › Initiate Single Sign-on at the Resource Partner

Previous Topic: Initiate Single Sign-on at the Account Partner

Next Topic: Configure Attributes for WS-Federation Assertions (optional)

Initiate Single Sign-on at the Resource Partner

If a user starts at the Resource Partner to initiate single sign-on, typically the user goes to a site selection page at the Resource Partner to choose from a list of Account Partners where authentication takes place. The site selection page is in an unprotected realm.

The link on the site selection page points to the Single Sign-on Service at an AP and must contain the Provider ID of RP and optionally, other parameters, such as wct, which holds the value of the time in UTC format. After the link is selected, the user's browser is redirected to the Account Partner to get the assertion.

Copyright © 2010 CA. All rights reserved. Email CA about this topic