13.2 Configuring a SAML 1.1 Profile

Profiles control what methods of communication are available at the server for the SAML 1.1 protocol. These settings affect the metadata for the server and should be determined prior to publishing to other sites. If you have set up trusted providers, and then modify these profiles, the trusted providers need to reimport the metadata from this Identity Server.

  1. In the Administration Console, click Devices > Identity Servers > Edit > SAML 1.1 > Profiles.

  2. Configure the following fields:

    Login: Specifies the communication channel when the user logs in. Select one or more of these methods for the identity provider and the identity consumer:

    • The Artifact binding provides an increased level of security by using the back channel for communication between the two servers during authentication.

    • The Post method uses HTTP redirection to accomplish communication between servers.

      The Post method is enabled by default and you are not able to modify the default settings. The Post profile creates metadata that includes only a Post binding on the Service Provider. In the default setup, both the Artifact and Post options are enabled. If both options are enabled, the Artifact binding is used by default. If the Artifact binding is disabled or removed, only the Post method is used.

    Source ID: Displays the hexadecimal ID generated by the Identity Server for the SAML 1.1 service provider. This is a required value when establishing trust with a service provider.

  3. Click OK, then update the Identity Server.

  4. (Conditional) If you have set up trusted providers and have modified the profile, these providers need to reimport the metadata from this Identity Server.
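
The following is an added example, not part of the product documentation, showing how the Source ID is used with the Artifact binding. The SAML 1.1 specification defines a type 0x0001 artifact as a base64-encoded 2-byte type code, 20-byte SourceID and 20-byte assertion handle, and the receiving side uses the SourceID to pick the trusted provider it contacts over the back channel. The Source ID value, provider name and function names are constructed for illustration.

```python
import base64
import binascii
import struct

TYPE_CODE_0001 = 0x0001   # SAML 1.1 artifact type code
SOURCE_ID_LEN = 20        # bytes, shown as 40 hex characters
HANDLE_LEN = 20           # bytes

# Constructed sample table: Source ID (lowercase hex) -> trusted provider.
TRUSTED_SOURCE_IDS = {
    "3f7b1c9a5d2e48a6b0c4d8e2f6a1b3c5d7e9f0a2": "idp.example.com (constructed)",
}

class ArtifactError(ValueError):
    """Raised when an artifact is malformed or names an unknown source."""

def parse_artifact(artifact_b64):
    """Decode a type 0x0001 artifact into (source_id_hex, assertion_handle)."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ArtifactError("artifact is not valid base64") from exc
    if len(raw) != 2 + SOURCE_ID_LEN + HANDLE_LEN:
        raise ArtifactError("unexpected artifact length: %d" % len(raw))
    (type_code,) = struct.unpack(">H", raw[:2])
    if type_code != TYPE_CODE_0001:
        raise ArtifactError("unsupported type code: 0x%04x" % type_code)
    return raw[2:2 + SOURCE_ID_LEN].hex(), raw[2 + SOURCE_ID_LEN:]

def lookup_provider(artifact_b64, trusted=TRUSTED_SOURCE_IDS):
    """Return the trusted provider for an artifact; reject unknown sources."""
    source_id, _handle = parse_artifact(artifact_b64)
    provider = trusted.get(source_id)
    if provider is None:
        raise ArtifactError("Source ID %s is not trusted" % source_id)
    return provider

def build_sample_artifact(source_id_hex, handle=b"\x11" * HANDLE_LEN):
    """Build a constructed artifact; the handle is fixed filler, not random."""
    raw = struct.pack(">H", TYPE_CODE_0001) + bytes.fromhex(source_id_hex) + handle
    return base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    sample = build_sample_artifact("3f7b1c9a5d2e48a6b0c4d8e2f6a1b3c5d7e9f0a2")
    print(lookup_provider(sample))
```

An artifact whose SourceID is not in the table is rejected before any back-channel request is made, which is why the Source ID must be exchanged when trust is established.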