Administration Console Online Help


Configure SAML 2.0 Identity Provider services

Before you begin

You can use the Federation Services > SAML 2.0 Identity Provider page to configure this server in the role of SAML 2.0 Identity Provider. A SAML 2.0 Identity Provider creates, maintains, and manages identity information for principals, and provides principal authentication to other Service Provider partners within a federation by generating SAML 2.0 assertions for those partners.

To configure a server as a SAML 2.0 Identity Provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Environment > Servers and click the name of the server you are configuring (for example, myserver).
  3. Select Configuration > Federation Services > SAML 2.0 Identity Provider.
  4. Select Enabled to activate this server's SAML 2.0 services in the role of Identity Provider.
  5. Select Only Accept Signed Authentication Requests if you want to ensure that any incoming authentication requests must be signed. For information about the implications of enabling this option, see Configuring an Identity Provider Site for SAML 2.0 Single Sign-On.
  6. If you are using a custom login web application to which unauthenticated requests are directed:
    1. Select Login Customized.
    2. Enter the URL of the custom login web application.
    3. Enter the login return query parameter.

      The query parameter is a unique string that the SAML 2.0 services use to hold the login return URL for the local single sign-on service servlet. (Note that, as an alternative, the login return URL can also be specified in the login web application.)

    For more information about using a custom login web application, see Configuring SAML 2.0 Services.

  7. Set the SAML bindings for which this server is enabled, and select the preferred binding type.
  8. Select Replicated Cache if you want SAML 2.0 artifacts and authentication requests to be stored in LDAP or RDBMS. If this attribute is not enabled, artifacts and requests are saved in memory.
  9. Set the options to enable and configure encryption for SAML 2.0 assertions:
    1. Select Assertion Encryption to enable encryption for SAML 2.0 assertions.
    2. Optionally, update the default values of encryption algorithms in the Key Encryption Algorithm and the Data Encryption Algorithm fields.
  10. Click Save.
  11. If you are configuring SAML 2.0 Identity Provider services for web single sign-on, select SAML 2.0 General, and click Publish Meta Data.

    For more information about publishing SAML 2.0 metadata, see Publishing and Distributing the Metadata File.

  12. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

Coordinate with your federated partners to ensure that the SAML bindings you have enabled for this SAML authority, as well as your requirements for signed documents, are compatible with your partners. For more information, see Create and Configure Web Single Sign-On Service Provider Partners.
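A practical way to do that coordination is to check the metadata file exported in step 11 before sending it to partners: it should advertise the signed-request requirement chosen in step 5, publish a signing certificate, and list exactly the SingleSignOnService bindings enabled in step 7. The script below is an added example, not part of this help page or of the WebLogic product; it uses only the Python standard library, and the embedded metadata document, its entity ID, endpoint URLs and certificate value are constructed placeholders rather than output from a real server.

```python
# Added example (not from the WebLogic console help page): a policy check run
# over an IdP metadata document such as the one produced by "Publish Meta Data".
# Uses only the standard library. The sample metadata below is constructed;
# the entity ID, URLs and certificate text are placeholders.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Standard SAML 2.0 binding URIs for the three bindings the console can enable.
BINDINGS = {
    "HTTP-POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "HTTP-Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "HTTP-Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}

# Constructed sample: an IdP that requires signed AuthnRequests and publishes
# POST and Redirect endpoints only.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml2">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER-CERT...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml2/sso/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text, expected_bindings, require_signed_requests=True):
    """Return a list of findings; an empty list means the metadata matches policy."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID"):
        findings.append("EntityDescriptor has no entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return findings + ["no IDPSSODescriptor: Identity Provider role is not published"]

    # Step 5 ("Only Accept Signed Authentication Requests") should surface as
    # WantAuthnRequestsSigned="true" so partners know they must sign.
    want_signed = (idp.get("WantAuthnRequestsSigned") or "false").lower() == "true"
    if require_signed_requests and not want_signed:
        findings.append("WantAuthnRequestsSigned is not true")

    # Partners need a published signing certificate to verify assertions.
    # A KeyDescriptor with no "use" attribute covers both signing and encryption.
    signing_keys = [
        k for k in idp.findall("md:KeyDescriptor", NS)
        if k.get("use") in (None, "signing")
        and k.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None
    ]
    if not signing_keys:
        findings.append("no signing KeyDescriptor with an X509Certificate")

    # Step 7: published SingleSignOnService endpoints must match the enabled bindings.
    published = {}
    for sso in idp.findall("md:SingleSignOnService", NS):
        published[sso.get("Binding")] = sso.get("Location", "")
    expected_uris = {BINDINGS[name] for name in expected_bindings}
    for name in expected_bindings:
        uri = BINDINGS[name]
        if uri not in published:
            findings.append("enabled binding %s is not published" % name)
        elif not published[uri].startswith("https://"):
            findings.append("%s endpoint is not https: %s" % (name, published[uri]))
    for uri in published:
        if uri not in expected_uris:
            findings.append("unexpected published binding %s" % uri)
    return findings


if __name__ == "__main__":
    # Example run against the constructed sample with POST and Redirect enabled.
    for line in check_idp_metadata(SAMPLE_METADATA, ["HTTP-POST", "HTTP-Redirect"]) or ["OK"]:
        print(line)
```

Run it with the exported metadata file's contents in place of `SAMPLE_METADATA` and the list of bindings you enabled in step 7; any finding means the published document and the console configuration disagree and should be reconciled before partners import it.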
