If a user visits the Service Provider first and then goes to an Identity Provider, you have to create an HTML page at the Service Provider containing hard-coded links to the AuthnRequest service at the Service Provider. These links redirect the user to the Identity Provider for authentication and determine what is included in the AuthnRequest itself.
The hard-coded link that the user selects must contain specific query parameters. These parameters are supported by an HTTP GET request to the AuthnRequest service at the Service Provider's Policy Server.
Note: The page with these hard-coded links has to reside in an unprotected realm.
To specify the use of artifact or profile binding for the transaction, the syntax for the link is:
http://SP_server/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID&ProtocolBinding=URI_of_binding
SP_server
Specifies the server and port number at the Service Provider that is hosting the Web Agent Option Pack or the SPS federation gateway.
IdP_ID
Specifies the identity assigned to the Identity Provider.
URI_of_binding
Identifies the URI of the POST or Artifact binding for the ProtocolBinding element. This URI is defined by the SAML 2.0 specification.
A binding must also be enabled for the SAML authentication scheme for the request to work.
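The following is an added example, not code from CA or from the original page: it builds the hard-coded link in the syntax above and audits a link taken from the unprotected page before it is published. The host name, the Identity Provider ID, the function names and the known_idps allow-list are assumptions made for illustration; the two binding URIs are the ones defined by the SAML 2.0 bindings specification.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# POST and Artifact binding URIs from the SAML 2.0 bindings specification.
BINDINGS = {
    "artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
    "post": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
}
AUTHN_PATH = "/affwebservices/public/saml2authnrequest"


def build_link(sp_server, idp_id, binding):
    """Return the AuthnRequest link; sp_server and idp_id are caller-supplied."""
    if binding not in BINDINGS:
        raise ValueError(f"unsupported binding: {binding!r}")
    # Percent-encode the values but keep ':' literal, as in the page's syntax.
    query = urlencode(
        {"ProviderID": idp_id, "ProtocolBinding": BINDINGS[binding]}, safe=":"
    )
    # Scheme follows the syntax shown on the page.
    return f"http://{sp_server}{AUTHN_PATH}?{query}"


def audit_link(link, known_idps):
    """Return a list of problems found in one hard-coded link (empty if none)."""
    parts = urlsplit(link)
    params = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    if parts.path != AUTHN_PATH:
        problems.append("path is not the AuthnRequest service")
    for name in params:
        # A space after '&' becomes part of the parameter name and hides it.
        if name != name.strip():
            problems.append(f"stray whitespace in parameter name {name!r}")
    idps = params.get("ProviderID", [])
    if len(idps) != 1:
        problems.append("ProviderID must appear exactly once")
    elif idps[0] not in known_idps:
        problems.append(f"ProviderID {idps[0]!r} is not a configured Identity Provider")
    bindings = params.get("ProtocolBinding", [])
    if len(bindings) > 1 or any(b not in BINDINGS.values() for b in bindings):
        problems.append("ProtocolBinding must be a single POST or Artifact binding URI")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    link = build_link("sp.example.com:80", "idp.example.org", "artifact")
    print(link)
    print(audit_link(link, {"idp.example.org"}))
```

Because the page holding these links sits in an unprotected realm, running the audit over every link on it catches a mistyped ProviderID or binding URI before users follow the link.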
Note the following:
Copyright © 2010 CA. All rights reserved.