For the HTTP-Artifact profile, the assertion retrieval service (SAML 1.x) and the artifact resolution service (SAML 2.0) retrieve the assertion at the asserting party. When these services send an assertion response to the relying party, they do so over a secure back channel. We strongly recommend that you protect these services and the communication across the back channel against unauthorized access.
Note: WS-Federation does not support the HTTP-Artifact profile.
To protect these services, specify an authentication scheme for the realm that contains the service at the asserting party. The authentication scheme dictates the type of credentials that the consuming service at the relying party must provide to access the relevant service across the back channel.
You can select one of the following authentication schemes:
For HTTP-Artifact single sign-on, the asserting party sends the assertion across a secure back channel to the relying party. For basic authentication, configure a password to access the service that resolves the artifact and retrieves the assertion. The service then sends the assertion across the back channel to the relying party.
You can use Basic authentication with SSL enabled; however, SSL is not required.
Note: The password is only relevant if you use Basic or Basic over SSL as the authentication method across the back channel.
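Why Basic over SSL is the safer of the two Basic options, shown as an added example that is not part of the original page or the product's code: a relying-party-side helper that builds a SAML 2.0 ArtifactResolve request with Basic credentials and refuses a non-HTTPS endpoint, because the Basic header is only base64-encoded. The endpoint URL, issuer, credential name and password, and artifact bytes are constructed placeholders.

```python
import base64
import uuid
from datetime import datetime, timezone
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample values (assumptions, not taken from the product).
SAMPLE_URL = "https://ap.example.com/artifact-resolution"
SAMPLE_ARTIFACT = base64.b64encode(b"\x00\x04\x00\x00" + bytes(40)).decode("ascii")


class InsecureBackChannel(ValueError):
    """Basic credentials would cross the back channel in cleartext."""


def basic_header(name, password):
    # Basic is base64 encoding, not encryption: anyone on the path can reverse it.
    token = base64.b64encode(f"{name}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_artifact_resolve(url, issuer, artifact, name, password):
    """Return (headers, body) for a SOAP-wrapped SAML 2.0 ArtifactResolve."""
    if urlsplit(url).scheme.lower() != "https":
        raise InsecureBackChannel("refusing to send Basic credentials to " + url)
    instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
        f'<samlp:ArtifactResolve xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{instant}">'
        f"<saml:Issuer>{escape(issuer)}</saml:Issuer>"
        f"<samlp:Artifact>{escape(artifact)}</samlp:Artifact>"
        "</samlp:ArtifactResolve></soap:Body></soap:Envelope>"
    )
    headers = {
        "Content-Type": "text/xml; charset=utf-8",
        "Authorization": basic_header(name, password),
    }
    return headers, body


if __name__ == "__main__":
    hdrs, xml = build_artifact_resolve(
        SAMPLE_URL, "https://rp.example.com", SAMPLE_ARTIFACT, "rp1", "s3cret")
    print(hdrs["Authorization"], xml, sep="\n")
```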
Follow these steps for the SAML 1.x Assertion Retrieval Service:
Follow these steps for the SAML 2.0 Artifact Resolution Service:
Copyright © 2012 CA.
All rights reserved.