Enable SAML 2.0 HTTP-POST Binding

For authentication and single log-out requests, you can enable SAML 2.0 HTTP POST binding as a method for exchanging requests and responses.
The authentication request binding is different from the SSO binding. The SSO binding determines the profile that dictates how assertions, protocols, and bindings work together to handle a specific use case.
This procedure assumes that you are familiar with federated environments and have created and activated one or more of the following partnerships:
  • IdP to SP
  • SP to IdP
The following graphic describes how to enable SAML 2.0 HTTP POST binding:
[Figure: HTTP-POST binding configuration process]
Enable the HTTP POST Binding at the IdP
You can enable the HTTP-POST binding at the IdP.
Important! Before you configure the authentication request binding, enable the session store. For the IdP to handle an authentication request that is delivered using HTTP-POST binding, the IdP must store the request in the session
Enable the Session Store
Follow these steps:
  1. Open the Policy Server Management Console and select the Data tab.
  2. Set the following fields:
    Database
         Session Store
    Storage
         Select the storage repository.
    Session Store Enabled
         Check this box.
  3. Complete the Datasource information.
  4. Click OK to save the changes.
Configure the binding in the Administrative UI
Follow these steps:
  1. Open the Administrative UI.
  2. If the partnership that you want to modify is active, deactivate it.
  3. Click Modify to open the partnership wizard.
  4. Navigate to the SSO and SLO tab in the partnership wizard.
  5. In the SSO section, select HTTP-POST for the Authentication Request Binding.
    You can select the HTTP-Redirect and HTTP-POST bindings together for authentication requests.
  6. (Optional) In the SLO section, select the HTTP-POST check box.
    You can select more than one SLO binding.
  7. Specify an SLO service URL with a binding that matches the SLO binding. If you picked the HTTP-Redirect and HTTP-POST bindings, create two SLO service URLs, one for each SLO binding.
  8. Complete any other partnership information as needed.
  9. At the confirm step, click Finish.
SSO HTTP-POST binding is enabled.
Enable the HTTP POST Binding at the SP
You can enable the HTTP-POST binding for authentication and SLO requests at the SP.
Follow these steps:
  1. Open the Administrative UI.
  2. If the partnership that you want to modify is active, deactivate it.
  3. Click Modify to open the partnership wizard.
  4. Navigate to the SSO and SLO tab in the partnership wizard.
  5. In the SSO section, select HTTP-POST for the Authentication Request Binding.
    You can select the HTTP-Redirect and HTTP-POST bindings together for authentication requests.
  6. Specify a remote SSO service URL with a binding that matches the Authentication Request Binding. For example, if you picked HTTP-Redirect and HTTP-POST bindings, create two SSO Service URLs, one for each binding.
  7. (Optional) In the SLO section, select the HTTP-POST check box.
    You can select more than one SLO binding.
  8. Specify an SLO Service URL with a binding that matches the SLO binding. For example, if you picked HTTP-Redirect and HTTP-POST SLO bindings, create two SLO Service URLs, one for each binding.
  9. Complete any other partnership information as needed.
  10. At the confirm step, click Finish.
SSO HTTP-POST binding is enabled.
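The steps above require a service URL for every binding that you select. The following added example, which is not part of the product or its documentation, checks a partner's SAML 2.0 metadata for that match. The metadata sample, the host idp.example.com, and the function names are constructed for illustration, and the https check is an extra assumption that is not a step in this procedure.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
BINDINGS = {"HTTP-POST": POST, "HTTP-Redirect": REDIRECT}

# Constructed sample IdP metadata; idp.example.com is a placeholder host.
SAMPLE_IDP_METADATA = f"""\
<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.com/saml2">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.com/slo/redirect"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="{POST}" Location="http://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def endpoints(metadata_xml, service):
    """Map binding URI -> list of Location URLs for one service element name."""
    # Use a hardened XML parser instead when the metadata is untrusted.
    root = ET.fromstring(metadata_xml)
    found = {}
    for el in root.iter(f"{{{MD}}}{service}"):
        found.setdefault(el.get("Binding"), []).append(el.get("Location", ""))
    return found

def check_bindings(metadata_xml, sso_selected, slo_selected):
    """Return problems; an empty list means every selected binding has a URL."""
    problems = []
    for service, selected in (("SingleSignOnService", sso_selected),
                              ("SingleLogoutService", slo_selected)):
        have = endpoints(metadata_xml, service)
        for name in selected:
            urls = have.get(BINDINGS[name], [])
            if not urls:
                problems.append(f"{service}: no URL for {name}")
            # Added assumption: endpoints that carry SAML messages use TLS.
            problems += [f"{service}: {name} URL is not https: {u}"
                         for u in urls if not u.lower().startswith("https://")]
    return problems

if __name__ == "__main__":
    # Bindings as they would be selected on the SSO and SLO tab.
    for p in check_bindings(SAMPLE_IDP_METADATA,
                            ["HTTP-Redirect", "HTTP-POST"], ["HTTP-POST"]):
        print(p)
```

On the constructed sample, the check reports that the HTTP-POST SSO URL is not https and that no SLO service URL exists for HTTP-POST.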