...
Finally, you need to configure the Identity Server to act as the Single Sign-On provider. Each relying party should be registered as a service provider on the Identity Server side. The following is a sample configuration for registering a Carbon server as a service provider.
- Specify the "Issuer". This should be equal to the `ServiceProviderID` value mentioned in the `authenticators.xml` of the relying party Carbon server.
- Specify the "Assertion Consumer URL". This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: `https://(host-name):(port)/acs`.
- Select "Use fully qualified username in SAML Response" if that feature is required.
- Select "Enable Response Signing" to sign the SAML2 Responses returned after the authentication.
- Select "Enable Assertion Signing" to sign the SAML2 Assertions returned after the authentication. SAML2 relying party components expect these assertions to be signed by the Identity Server.
- Select "Enable Signature Validation in Authentication Requests and Logout Requests" if you need this feature configured.
- Select "Enable Single Logout" so that all sessions are terminated once the user signs out from one server. You can enter a Custom Logout URL if required.
- Select "Enable Attribute Profile" to enable this and add a claim by entering the claim link and clicking the "Add Claim" button.
- Select "Enable Audience Restriction" to restrict the audience. You may add audience members using the "Audience" text box and clicking the "Add Audience" button.
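A mismatch between the registered Issuer and the relying party's `ServiceProviderID`, or a malformed Assertion Consumer URL, is easy to miss when typing values into the form. The following check is an added example, not code from the product or its documentation. It assumes that `authenticators.xml` stores the value in a `Parameter` element named `ServiceProviderID`; the sample XML, the host name and the dictionary keys are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample; this element layout is an assumption about authenticators.xml.
AUTHENTICATORS_XML = """<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Config>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""

def service_provider_id(xml_text):
    """Return the ServiceProviderID parameter value, or None if it is absent."""
    for elem in ET.fromstring(xml_text).iter():
        # Compare local names so a default XML namespace does not hide the element.
        local = elem.tag.rsplit("}", 1)[-1]
        if local == "Parameter" and elem.get("name") == "ServiceProviderID":
            return (elem.text or "").strip()
    return None

def acs_url_ok(acs_url):
    """True only for https://(host-name):(port)/acs with an explicit port."""
    try:
        url = urlsplit(acs_url)
        port = url.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    return (url.scheme == "https" and bool(url.hostname) and port is not None
            and url.path == "/acs" and not url.query and not url.fragment)

def check_registration(xml_text, reg):
    """Compare IdP-side settings (dict, hypothetical keys) with the relying party."""
    problems = []
    sp_id = service_provider_id(xml_text)
    if sp_id is None:
        problems.append("ServiceProviderID not found in authenticators.xml")
    elif reg.get("issuer") != sp_id:
        problems.append(f"Issuer {reg.get('issuer')!r} != ServiceProviderID {sp_id!r}")
    if not acs_url_ok(reg.get("acs_url", "")):
        problems.append("Assertion Consumer URL is not https://(host-name):(port)/acs")
    if not reg.get("assertion_signing"):
        problems.append("Enable Assertion Signing is off; relying parties expect signed assertions")
    return problems

if __name__ == "__main__":
    reg = {"issuer": "carbonserver", "acs_url": "http://sp.example.com:9444/acs",
           "assertion_signing": True}
    print("\n".join(check_registration(AUTHENTICATORS_XML, reg)))
```

An empty result means the three settings agree with the relying party's file; the check does not verify signatures or certificates.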
Excerpt: Instructions on how to configure Single Sign-On across different Carbon Servers.