

Specify the POST Binding Authentication at the SP

For the authentication scheme, indicate the single sign-on binding to be used so the Service Provider knows how to communicate with the Identity Provider.

To select a single sign-on binding at the SP

  1. Select the SSO tab from the SAML 2.0 Auth Scheme Properties dialog.
  2. Complete the following fields:
    Redirect Mode
      302 Cookie Data (default)
      User is redirected through an HTTP 302 redirect with a session cookie, but no other data.

    SSO Service
      http://www.idp.demo:80/affwebservices/public/saml2sso

    Audience
      sp.demo
      This value must match the value at the Identity Provider.

    Target
      http://www.sp.demo:81/spsample/protected/target.jsp
      If you begin the Target with http, enter the full path to the resource. A SiteMinder policy that uses the SAML 2.0 authentication scheme protects the target.

  3. Select HTTP-POST.
  4. Clear the Enforce Single Use Policy option.

    Disabling this option makes the sample network noncompliant with SAML 2.0. If you want to enable the use of the single use policy feature, set up a session store at the Service Provider.

  5. Click OK until you exit the authentication scheme dialog.
  6. Keep the Policy Server User Interface open and continue with "Protect the Target Resource Using SAML 2.0 Authentication".
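
The two checks this procedure configures, the Audience match and the single use policy, shown as an added Python sketch; it is not SiteMinder code and not part of the product documentation. The `SingleUseStore` class, the function names and the sample assertion are hypothetical and constructed; only the Audience value `sp.demo` comes from this page, and signature validation is assumed to have happened before these checks.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "sp.demo"  # Audience value configured on this page

def make_assertion(assertion_id, audience, not_on_or_after):
    """Constructed, unsigned sample assertion (illustration only)."""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="{assertion_id}" Version="2.0">'
        f'<saml:Conditions NotOnOrAfter="{not_on_or_after}"><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions></saml:Assertion>'
    )

class SingleUseStore:
    """In-memory stand-in for the SP session store (hypothetical, not SiteMinder's)."""
    def __init__(self):
        self._seen = {}  # assertion ID -> expiry time

    def consume(self, assertion_id, expires, now):
        """Record the ID; return False if it was already used inside its validity window."""
        self._seen = {k: v for k, v in self._seen.items() if v > now}  # purge expired IDs
        if assertion_id in self._seen:
            return False
        self._seen[assertion_id] = expires
        return True

def check_assertion(xml_text, store, now, enforce_single_use=True):
    """Return 'accepted' or a rejection reason. Assumes the signature was already
    verified; real responses should be parsed with a hardened XML parser."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        return "rejected: no conditions"
    expires = datetime.strptime(cond.attrib["NotOnOrAfter"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if now >= expires:
        return "rejected: expired"
    # Sample carries a single AudienceRestriction; the SP's own name must be listed
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        return "rejected: audience mismatch"
    assertion_id = root.get("ID")
    if not assertion_id:
        return "rejected: missing ID"
    if enforce_single_use and not store.consume(assertion_id, expires, now):
        return "rejected: replayed assertion"
    return "accepted"
```

With `enforce_single_use=False`, which mirrors clearing the option in step 4, the same assertion is accepted every time it is posted until it expires; with it enabled, the store must persist and be shared across SP nodes, which is the role of the session store.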