For a SAML Inbound (SAML In) custom connector, the identity provider is the trusted partner. Each connector requires information about how that partner supports SAML federation.
Table A-2 Worksheet for a SAML Inbound Custom Connector

| Gather the following information: | |
|---|---|
| Which federation specifications will be used with the various trusted partners? | |
| Is the SAML metadata from the trusted partner available? | |
| What profiles will you use to federate with your partners? | |
| Which transport security protocols and certificates will be used? Assertions must be signed, and may additionally be encrypted. | |
| What user information does the partner send for SSO? For example: email address, CN, and so on. | |
| What name identifier format does your partner send with an assertion? | |
| What attributes does your partner send? Is a sample assertion available from the trusted partner? | |
| To which URL on the partner side should a logout request be sent? (Logout URL and/or Logout Response URL) | |
| What are the contact details for the trusted partner (or partners), should we need to get them involved? | |
All information the trusted partner needs about this connector is available from its metadata at https://appliance_dns_name/osp/a/t1/auth/saml2/metadata, where appliance_dns_name is the DNS name of your appliance.
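Most rows of the worksheet can be answered mechanically from two artifacts the partner should already be able to hand over: their IdP metadata and a sample assertion. The Python below is an added example, not code from the original page or from the product; it parses both with the standard library only and cross-checks one against the other. All XML in it is constructed, the "certificate" is a placeholder blob rather than real X.509 DER, and the hostnames, attribute names and function names are assumptions. It goes slightly beyond the worksheet by also handling a sample that arrives as a Response wrapping an EncryptedAssertion, where nothing can be read until the assertion has been decrypted.

```python
"""Fill in the SAML Inbound worksheet from partner IdP metadata and a sample assertion.
Example code added to this page, not the product's; standard library only, all XML constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed partner metadata. The certificate is a placeholder blob, not real X.509 DER.
FAKE_CERT_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.partner.example/saml2">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.partner.example/saml2/slo" ResponseLocation="https://idp.partner.example/saml2/slo/response"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.partner.example/saml2/sso"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical"><md:EmailAddress>saml-admin@partner.example</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""

# Constructed sample assertion as the partner might send it; the signature value is elided.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_constructed-assertion" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.partner.example/saml2</saml:Issuer>
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>elided</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">partner-user-0001</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice@partner.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="cn"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed Response carrying an encrypted assertion: nothing can be read until it is decrypted.
SAMPLE_ENCRYPTED_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_constructed-response" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"><saml:EncryptedAssertion/></samlp:Response>"""


def _short(name):
    # "urn:...:bindings:HTTP-POST" -> "HTTP-POST"; "{namespace}Response" -> "Response"
    return (name or "").rsplit(":", 1)[-1].rsplit("}", 1)[-1]


def worksheet_from_metadata(xml_text):
    """Rows answered by metadata: spec, certificates, SSO/SLO endpoints, NameID formats, contact."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not identity-provider metadata: no IDPSSODescriptor (SP metadata by mistake?)")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS) or ""
        der = base64.b64decode("".join(b64.split()), validate=True)
        # No 'use' attribute means the key serves both purposes; the fingerprint is what you pin.
        certs.append({"use": kd.get("use", "signing encryption"), "sha256": hashlib.sha256(der).hexdigest()})
    contact = root.find("md:ContactPerson", NS)
    return {
        "entity_id": root.get("entityID"),
        "protocols": (idp.get("protocolSupportEnumeration") or "").split(),
        "wants_signed_authn_requests": idp.get("WantAuthnRequestsSigned") == "true",
        "sso_bindings": [_short(e.get("Binding")) for e in idp.findall("md:SingleSignOnService", NS)],
        "nameid_formats": [(e.text or "").strip() for e in idp.findall("md:NameIDFormat", NS)],
        "certificates": certs,
        # Logout responses go to Location when the metadata gives no separate ResponseLocation.
        "single_logout": [{"binding": _short(e.get("Binding")), "logout_url": e.get("Location"),
                           "logout_response_url": e.get("ResponseLocation") or e.get("Location")}
                          for e in idp.findall("md:SingleLogoutService", NS)],
        "technical_contact": contact.findtext("md:EmailAddress", namespaces=NS) if contact is not None else None,
    }


def worksheet_from_assertion(xml_text):
    """Rows answered by a sample: what the partner actually sends (issuer, NameID format, attributes)."""
    root = ET.fromstring(xml_text)
    if _short(root.tag) == "Response":
        if root.find("saml:EncryptedAssertion", NS) is not None:
            return {"encrypted": True}  # decrypt with the connector's private key before inspecting
        root = root.find("saml:Assertion", NS)
    if root is None or _short(root.tag) != "Assertion":
        raise ValueError("sample is neither an Assertion nor a Response that contains one")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    return {
        "issuer": (root.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        # A ds:Signature element shows the partner signs; verifying it needs an XML-DSig library.
        "signed": root.find("ds:Signature", NS) is not None,
        "nameid_format": name_id.get("Format") if name_id is not None else None,
        "attributes": {a.get("Name"): [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
                       for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)},
    }


def cross_check(meta, sample):
    """Discrepancies worth raising with the partner before the connector goes live."""
    if sample.get("encrypted"):
        return ["sample assertion is encrypted: decrypt it before completing the worksheet"]
    findings = []
    if not sample["signed"]:
        findings.append("sample assertion is not signed; signed assertions are required")
    if sample["issuer"] != meta["entity_id"]:
        findings.append(f"issuer {sample['issuer']!r} does not match metadata entityID {meta['entity_id']!r}")
    if sample["nameid_format"] not in meta["nameid_formats"]:
        findings.append(f"NameID format {sample['nameid_format']} is not advertised in the metadata")
    return findings
```

Run worksheet_from_metadata on the partner's real metadata and worksheet_from_assertion on their sample, then cross_check the two. On the constructed input the only finding is that the partner advertises the emailAddress NameID format in metadata but sends persistent in the assertion, which is exactly the discrepancy the "what name identifier format does your partner send" row exists to surface. The ds:Signature check and the certificate fingerprint answer the signing rows but do not verify anything; verify the signature with an XML-DSig library against the pinned certificate before trusting the sample.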