

Configure POST Single Sign-on at the IdP

You need to specify the SAML 2.0 binding you want to use for single sign-on.

To configure single sign-on with POST binding

  1. Select the SSO tab.

    Complete the following fields:

    Audience

    sp.demo

    Assertion Consumer Service
    http://www.sp.demo:81/affwebservices/public/saml2assertionconsumer

    This is the URL of the Assertion Consumer Service. For your network, the server you specify is the SP web server where the Web Agent Option Pack is installed.

    HTTP-POST

    Select this check box.

    Authentication Level

    5 (default)

    Validity Duration

    60 (default)

    In a test environment, if you see the following message in the Policy Server trace log,

    Assertion rejected(_b6717b8c00a5c32838208078738c05ce6237) -current time
    (Fri Sep 09 17:28:33 EDT 2005) is after SessionNotOnOrAfter time (Fri Sep 09 17:28:20 EDT 2005)
    

    you may want to increase the Validity Duration value above 60.

    
    
    AuthnContext Class Ref

    urn:oasis:names:tc:SAML:2.0:ac:classes:Password (default)

  2. Accept the default values for all remaining fields.
  3. Click OK.
  4. Protect the Authentication URL.
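
The trace message shown under Validity Duration carries both timestamps, so you can measure how late each rejected assertion arrived before changing the setting. The following Python is an added example, not part of the product documentation or the product's code; the function names, the 5-second margin, the second sample line, and the treatment of Validity Duration as a number of seconds are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the first message is the one quoted on this page,
# the second is made up for illustration.
SAMPLE = """\
Assertion rejected(_b6717b8c00a5c32838208078738c05ce6237) -current time
    (Fri Sep 09 17:28:33 EDT 2005) is after SessionNotOnOrAfter time (Fri Sep 09 17:28:20 EDT 2005)
Assertion rejected(_constructed0001) -current time (Fri Sep 09 17:31:02 EDT 2005) is after SessionNotOnOrAfter time (Fri Sep 09 17:30:40 EDT 2005)
"""

# \s* and \s+ tolerate the message being wrapped across lines.
REJECT_RE = re.compile(
    r"Assertion rejected\((?P<id>[^)]+)\)\s*-\s*current time\s*"
    r"\((?P<now>[^)]+)\)\s+is after SessionNotOnOrAfter time\s*"
    r"\((?P<limit>[^)]+)\)"
)

def _parse(stamp):
    """Split 'Fri Sep 09 17:28:33 EDT 2005' into (naive datetime, zone)."""
    parts = stamp.split()
    zone = parts.pop(4)  # strptime's %Z does not reliably accept EDT etc.
    return datetime.strptime(" ".join(parts), "%a %b %d %H:%M:%S %Y"), zone

def late_rejections(trace_text):
    """Return [(assertion_id, seconds_late)] for each rejection found."""
    results = []
    for m in REJECT_RE.finditer(trace_text):
        now, now_zone = _parse(m["now"])
        limit, limit_zone = _parse(m["limit"])
        if now_zone != limit_zone:
            continue  # different zones: not comparable without a tz database
        results.append((m["id"], int((now - limit).total_seconds())))
    return results

def suggested_validity(trace_text, current=60, margin=5):
    """Heuristic (assumption): current value + worst lateness + margin."""
    late = [seconds for _, seconds in late_rejections(trace_text)]
    return current if not late else current + max(late) + margin

if __name__ == "__main__":
    for assertion_id, seconds in late_rejections(SAMPLE):
        print(f"{assertion_id}: {seconds}s past SessionNotOnOrAfter")
    print("suggested Validity Duration:", suggested_validity(SAMPLE))
```

A longer Validity Duration also lengthens the period in which a captured assertion is still accepted, so check clock synchronization between the IdP and SP hosts before raising the value.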