...
- Specify the Issuer. This should be equal to the `ServiceProviderID` value mentioned in the `authenticators.xml` of the relying party Carbon server.
- Specify the Assertion Consumer URL. This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: `https://(host-name):(port)/acs`.
- Select Use fully qualified username in SAML Response if that feature is required.
- Select Enable Response Signing to sign the SAML2 Responses returned after the authentication.
- Select Enable Assertion Signing to sign the SAML2 Assertions returned after the authentication. SAML2 relying party components expect these assertions to be signed by the Identity Server.
- Select Enable Signature Validation in Authentication Requests and Logout Requests if you need this feature configured.
- Select Enable Single Logout so that all sessions are terminated once the user signs out from one server. You can enter a Custom Logout URL if required.
- Select Enable Attribute Profile to enable this and add a claim by entering the claim link and clicking the Add Claim button.
- Select Enable Audience Restriction to restrict the audience. You may add audience members using the Audience text box and clicking the Add Audience button.
- Select the Enable IdP Initiated SSO checkbox to enable identity provider initiated SSO.
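
The following check is an added example, not part of the original documentation or of the product. It compares a service provider registration with the relying party's `authenticators.xml` on the three points the list above ties together: issuer equals `ServiceProviderID`, the Assertion Consumer URL follows the stated format, and assertions are signed. The XML fragment, the host name and the dictionary keys (`issuer`, `acs_url`, `assertion_signing`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of a relying party's authenticators.xml (layout assumed).
AUTHENTICATORS_XML = """
<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Config>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
    </Config>
  </Authenticator>
</Authenticators>
"""

def service_provider_id(xml_text):
    """Return the ServiceProviderID parameter value, or None if it is absent."""
    for el in ET.fromstring(xml_text).iter():
        # Strip any XML namespace so the lookup works with or without one.
        if el.tag.rsplit("}", 1)[-1] == "Parameter" and el.get("name") == "ServiceProviderID":
            return (el.text or "").strip()
    return None

def check_registration(reg, xml_text):
    """Return a list of findings for a registration dict (hypothetical keys)."""
    findings = []
    sp_id = service_provider_id(xml_text)
    if sp_id is None:
        findings.append("ServiceProviderID missing from authenticators.xml")
    elif reg.get("issuer") != sp_id:
        # The comparison is exact, so a case difference is reported too.
        findings.append(f"issuer {reg.get('issuer')!r} != ServiceProviderID {sp_id!r}")
    try:
        url = urlsplit(reg.get("acs_url", ""))
        well_formed = (url.scheme == "https" and bool(url.hostname)
                       and url.port is not None and url.path == "/acs")
    except ValueError:  # malformed host or non-numeric port
        well_formed = False
    if not well_formed:
        findings.append("Assertion Consumer URL is not https://(host-name):(port)/acs")
    if not reg.get("assertion_signing"):
        findings.append("assertion signing is off; relying parties expect signed assertions")
    return findings

if __name__ == "__main__":
    sample = {"issuer": "carbonserver", "acs_url": "http://sp.example.com/acs",
              "assertion_signing": False}  # constructed, deliberately misconfigured
    for finding in check_registration(sample, AUTHENTICATORS_XML):
        print("FINDING:", finding)
```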
Instructions on how to configure Single Sign-On across different Carbon Servers.