Specify the POST Binding Authentication at the SP

For the authentication scheme, you must indicate which single sign-on binding to use so that the Service Provider knows how to communicate with the Identity Provider.

To select a single sign-on binding at the SP

  1. Select the SSO tab from the SAML 2.0 Auth Scheme Properties dialog.
  2. Complete the following fields:
    Redirect Mode

    302 Cookie Data (default)

    User is redirected via an HTTP 302 redirect with a session cookie, but no other data.

    SSO Service

    http://www.idp.demo:80/affwebservices/public/saml2sso

    Audience

    sp.demo

    This value must match the value at the Identity Provider.

    Target

    http://www.sp.demo:81/spsample/protected/target.jsp

    If you begin the Target with http, enter the full path to the resource. The target must be protected by a SiteMinder policy that uses the SAML 2.0 authentication scheme.

  3. Check the HTTP-POST check box.
  4. Deselect the Enforce Single Use Policy check box.

    Unchecking this box makes the sample network non-compliant with SAML 2.0. If you want to enable the single use policy feature, you must set up a session store at the Service Provider.

  5. Click OK until you exit the authentication scheme dialog.
  6. Keep the Policy Server User Interface open and Protect the Target Resource Using SAML 2.0 Authentication.
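The Audience match and the single use policy from steps 2 and 4 can be illustrated with the following added example, which is not SiteMinder code and not part of the original procedure. It assumes the assertion's signature was already verified; `SingleUseStore` and `accept_assertion` are hypothetical names, and the in-memory dictionary stands in for the session store at the Service Provider.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_AUDIENCE = "sp.demo"  # Audience value entered in step 2

# Constructed sample assertion; signature omitted and assumed verified upstream.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-0001" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
  <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>sp.demo</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    """Parse a UTC SAML timestamp such as 2030-01-01T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class SingleUseStore:
    """Hypothetical stand-in for the SP session store: remembers consumed IDs."""
    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter

    def consume(self, assertion_id, expires, now):
        # Expired entries are dropped: the validity check rejects them anyway.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if assertion_id in self._seen:
            return False
        self._seen[assertion_id] = expires
        return True


def accept_assertion(xml_text, store, now, audience=SP_AUDIENCE):
    """Return (accepted, reason) for an already signature-verified assertion."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no conditions"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "audience mismatch"
    if not store.consume(root.get("ID"), _ts(cond.get("NotOnOrAfter")), now):
        return False, "replayed assertion"
    return True, "ok"
```

Without a store that persists consumed assertion IDs, the last check cannot be made, which is why enabling the single use policy requires a session store.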