SAML 2.0 Indexed Endpoints

Scripting and Programming Guides › Developer's Guide for C › Policy Management API › Federation Security Services › SAML 2.0 Indexed Endpoints

SAML 2.0 Indexed Endpoints

When configuring single sign-on at the Identity Provider, you can configure more than one endpoint for the Assertion Consumer Service, the service that enables a Service Provider to consume a SAML assertion. Each endpoint you configure is assigned a unique index value, instead of a single, explicit reference to an Assertion Consumer Service URL.

The assigned index can be used as a part of a Service Provider request for an assertion that it sends to the Identity Provider. This enables you to have a different Assertion Consumer Service at the Service Provider for different protocol bindings (Artifact or POST).

In the Policy Management API, you can, for example, add a new Assertion Consumer Service to the Service Provider programmatically by calling the Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP() function as follows:

iSmApiRetCode = Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP (

pSmApiSessionHandle,
&structSAMLSPACS2,
pszOid);

Parameters:

pSmAPiSessionHandle is a pointer to a structure that holds information about the administrative session and the client session.
pstructSAMLSPACS2 is a pointer to Sm_PolicyApi_SAMLSPAssertionConsumerService_t. This structure specifes the index, binding, and Assertion Consumer Service URL.
pszOid is a pointer to a string containng the OID of the Service Provider.

In addition, the API includes a function to remove an Assertion Consumer Service and a function to retrieve all the Assertion Consumer Services defined in the Service Provider object. The C Policy Management API sample program, smpolicyapiexample.cpp, shows how these functions are implemented.

More Information:

SAML 2.0 Indexed Endpoint Functions

Email CA Technologies about this topic