FederationFederation Security Services GuideConfigure SiteMinder as a SAML 2.0 Identity ProviderSet Up Links at the IdP or SP to Initiate Single Sign-on › Service Provider-initiated SSO (POST or artifact binding)

Previous Topic: Unsolicited Response Query Parameters Used by a SiteMinder IdP

Next Topic: AuthnRequest Query Parameters Used by a SiteMinder SP
Service Provider-initiated SSO (POST or artifact binding)

If a user visits the Service Provider first and then goes to an Identity Provider, you have to create an HTML page at the Service Provider containing hard-coded links to the AuthnRequest service at the Service Provider. These links redirect the user to the Identity Provider to be authenticated as well as determining what is included in the AuthnRequest itself.

The hard-coded link that the user selects must contain specific query parameters. These parameters are supported by an HTTP GET request to the AuthnRequest service at the Service Provider’s Policy Server.

Note: The page with these hard-coded links has to reside in an unprotected realm.

To specify the use of artifact or profile binding for the transaction, the syntax for the link is:

http://SP_server/affwebservices/public/saml2authnrequest?ProviderID=IdP_ID&
ProtocolBinding=URI_of_binding
sp_server:port

Specifies the server and port number at the Service Provider that is hosting the Web Agent Option Pack or the SPS federation gateway.

IdP_ID

Specifies the identity assigned to the Identity Provider

URI_for_binding

Identifies the URI of the POST or Artifact binding for the ProtocolBinding element. This URI is defined by the SAML 2.0 specification.

A binding must also be enabled for the SAML authentication scheme for the request to work.

Note the following: