Initiate SAML 2.0 Single Sign-on at the SP (optional)

If a user arrives at the Service Provider first (POST or artifact binding) instead of at the Identity Provider, you have to create an HTML page at the Service Provider that contains hard-coded links to the Service Provider's AuthnRequest Service. That service redirects the user to the Identity Provider to obtain the authentication context. The page that holds the link to the Identity Provider must reside in an unprotected realm, because the user is not yet authenticated when they request it.

The hard-coded link that the user clicks at the Service Provider must carry specific query parameters. These parameters are passed in an HTTP GET request to the AuthnRequest service at the Service Provider's Policy Server.

For SAML 2.0 (artifact or POST binding), the syntax for the link is:

http://sp_server:port/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID

sp_server:port

Specifies the server and port number at the Service Provider that hosts the Web Agent Option Pack or the SPS federation gateway.

IdP_ID

Specifies the identity (ProviderID) assigned to the Identity Provider.

You may need to add the ProtocolBinding query parameter to this link depending on which bindings are enabled. For details on configuring links at the Service Provider and a sample link, see Set Up Links at the IdP or SP to Initiate Single Sign-on.

Note: You do not need to HTTP-encode the query parameters.
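The following Python snippet is an added example, not part of this documentation or of the product. It builds the hard-coded SP-initiated link from the pieces described above (server and port, ProviderID, optional ProtocolBinding), checks a link against the set of configured Identity Providers before it is placed on the unprotected page, and renders that page with proper HTML escaping. Assumptions: the standard SAML 2.0 binding URIs are used as ProtocolBinding values, https is used as the scheme, and the host, IdP identifiers and labels are constructed sample values.

```python
"""Build, check and publish SP-initiated SAML 2.0 single sign-on links.

Added example, not part of the product documentation. Assumptions are marked.
"""
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Path of the AuthnRequest service at the Service Provider (from the documented link syntax).
AUTHNREQUEST_PATH = "/affwebservices/public/saml2authnrequest"

# Assumption: ProtocolBinding takes the standard SAML 2.0 binding URIs.
HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_ARTIFACT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"


def build_sp_initiated_link(sp_server, idp_id, protocol_binding=None, scheme="https"):
    """Return the hard-coded link that points at the SP's AuthnRequest service.

    sp_server is host:port of the Web Agent Option Pack or SPS federation gateway;
    idp_id is the ProviderID assigned to the Identity Provider. ProtocolBinding is
    appended only when given. Values are percent-encoded as a general precaution
    (the documentation says this is not required); ':' and '/' are left as-is so
    entity-ID style ProviderIDs remain readable.
    """
    params = {"ProviderID": idp_id}
    if protocol_binding is not None:
        params["ProtocolBinding"] = protocol_binding
    return f"{scheme}://{sp_server}{AUTHNREQUEST_PATH}?{urlencode(params, safe=':/')}"


def parse_sp_initiated_link(url):
    """Split a link back into its path and the two query parameters."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    return {
        "path": parts.path,
        "ProviderID": query.get("ProviderID", [None])[0],
        "ProtocolBinding": query.get("ProtocolBinding", [None])[0],
    }


def link_is_valid(url, configured_idp_ids):
    """Check a link before publishing it on the unprotected page: it must target
    the AuthnRequest service and name an Identity Provider configured at the SP."""
    info = parse_sp_initiated_link(url)
    return info["path"] == AUTHNREQUEST_PATH and info["ProviderID"] in configured_idp_ids


def render_link_page(links):
    """Render the unprotected HTML page; labels and URLs are HTML-escaped so a
    '&' between query parameters or a stray '<' cannot break the markup."""
    items = "".join(
        f'<li><a href="{escape(url, quote=True)}">{escape(label)}</a></li>'
        for label, url in links
    )
    return f"<html><body><h1>Sign in</h1><ul>{items}</ul></body></html>"


if __name__ == "__main__":
    # Constructed sample values, not real deployment data.
    configured = {"https://idp.example.com/saml2"}
    link = build_sp_initiated_link(
        "sp.example.com:443", "https://idp.example.com/saml2", HTTP_POST_BINDING
    )
    assert link_is_valid(link, configured)
    print(render_link_page([("Corporate IdP", link)]))
```

Run the module directly to print the generated page; in a deployment the rendered HTML would be placed in the unprotected realm described above, and `link_is_valid` is the check to apply whenever the list of links is regenerated.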

You can also create links at the Identity Provider.

More Information:

Set Up Links at the IdP or SP to Initiate Single Sign-on