For a SAML or WS-Federation custom connector, the destination service provider for the application is the trusted partner. Each connector requires information about how that trusted partner supports federation over the SAML protocol or the WS-Federation protocol.
Table A-1 Worksheet for a SAML or WS-Federation Custom Connector

| Gather the following information: | |
|---|---|
| Which federation specifications will be used with the various trusted partners? | |
| Is the metadata (SAML/WS-Federation) from the trusted partner available? | |
| What profiles will you use to federate with your partners? | |
| Is encryption of the assertions required? If so, which transport security protocols and certificates will be used? | |
| What user information is required by your partner for SSO? For example: email address, CN, and so on. | |
| What name identifier format does your partner expect? | |
| What attributes are required by your partner? Does a sample assertion exist from the trusted partner? | |
| To what URL on the partner side should an assertion or a claim be sent? (Assertion Consumer Service URL) | |
| To what URL on the partner side should a logout request be sent? (Logout URL and/or Logout Response URL) | |
| Do users need to be redirected to a specific application URL after an assertion has been successfully validated? (Destination URL) | |
| What are the contact details for the trusted partner (or partners), should we need to get them involved? | |
| All information needed by the trusted partner is available via the metadata at https://appliance_dns_name/osp/a/t1/auth/saml2/metadata | |
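Most rows of the worksheet can be answered directly from the partner's SAML 2.0 metadata when it is available. The following script is an added example, not part of this documentation or of the product; it parses a constructed SP metadata document (the `sp.example.test` entity, the placeholder certificate and the contact address are all made up) and pulls out the Assertion Consumer Service URL, logout URL, name identifier format, requested attributes, signing/encryption expectations and technical contact. It also flags two things a reviewer would want to catch before trusting the metadata: endpoints that are not HTTPS, and a partner that neither publishes an encryption key nor asks for signed assertions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Tuple

# SAML 2.0 metadata and XML-DSig namespaces.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata for illustration only; not a real partner.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB-PLACEHOLDER-CERTIFICATE</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0" isDefault="true"/>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute Name="mail" isRequired="true"/>
      <md:RequestedAttribute Name="cn" isRequired="false"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>saml-admin@sp.example.test</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
"""


@dataclass
class PartnerWorksheet:
    """Answers to the worksheet rows that metadata can supply."""
    entity_id: str
    acs_urls: List[Tuple[str, str]]          # (binding, location)
    logout_urls: List[Tuple[str, str]]       # (binding, location)
    nameid_formats: List[str]
    requested_attributes: List[Tuple[str, bool]]  # (name, required)
    wants_signed_assertions: bool
    encryption_cert_present: bool
    contacts: List[str]
    warnings: List[str] = field(default_factory=list)


def _endpoints(sp, tag):
    return [(e.get("Binding", ""), e.get("Location", "")) for e in sp.findall(tag, NS)]


def fill_worksheet(metadata_xml: str) -> PartnerWorksheet:
    """Extract worksheet answers from SAML 2.0 SP metadata and flag weak settings."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor; not a service provider")

    acs = _endpoints(sp, "md:AssertionConsumerService")
    slo = _endpoints(sp, "md:SingleLogoutService")
    nameids = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    attrs = [(a.get("Name", ""), a.get("isRequired", "false").lower() == "true")
             for a in sp.findall("md:AttributeConsumingService/md:RequestedAttribute", NS)]
    wants_signed = sp.get("WantAssertionsSigned", "false").lower() == "true"
    # A KeyDescriptor with use="encryption" (or no use attribute) carries the key we would
    # encrypt assertions to; without it, "encrypt the assertion" cannot be answered yes.
    enc_keys = [k for k in sp.findall("md:KeyDescriptor", NS)
                if k.get("use") in (None, "encryption")
                and k.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None]
    contacts = [c.text.strip() for c in root.findall("md:ContactPerson/md:EmailAddress", NS) if c.text]

    warnings = []
    for kind, eps in (("AssertionConsumerService", acs), ("SingleLogoutService", slo)):
        for _, loc in eps:
            if not loc.lower().startswith("https://"):
                warnings.append(f"{kind} endpoint is not HTTPS: {loc}")
    if not acs:
        warnings.append("no AssertionConsumerService; nowhere to send the assertion")
    if not enc_keys and not wants_signed:
        warnings.append("partner neither requests signed assertions nor publishes an encryption key")

    return PartnerWorksheet(
        entity_id=root.get("entityID", ""),
        acs_urls=acs, logout_urls=slo, nameid_formats=nameids,
        requested_attributes=attrs, wants_signed_assertions=wants_signed,
        encryption_cert_present=bool(enc_keys), contacts=contacts, warnings=warnings,
    )


if __name__ == "__main__":
    ws = fill_worksheet(SAMPLE_SP_METADATA)
    for name, value in ws.__dict__.items():
        print(f"{name}: {value}")
```

Run it against a partner's real metadata file in place of `SAMPLE_SP_METADATA` and transfer the printed values into the worksheet rows for the ACS URL, logout URL, name identifier format, required attributes and contact details; anything listed under `warnings` is worth raising with the partner before the connector goes live.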