10.3 Configuring Authentication for a Trusted Service Provider

After you create a trusted service provider, you can configure how your Identity Server responds to authentication requests from the service provider.

  1. In the Administration Console, click Access Manager > Identity Servers > Servers > Edit > Liberty > [Service Provider] > Access > Authentication.

    Service provider authentication
  2. Fill in the following fields as required:

    • Authentication Response Binding: Specifies whether to use Artifact or Post if the request from the trusted service provider does not specify a response binding. Select Artifact to provide an increased level of security by using a back-channel means of communication between the two servers. Select Post to use HTTP redirection to accomplish communication between servers.

    • Persistent Identifier Format: Specifies whether to use this format and make it the default identifier format. A persistent identifier is written to the directory and remains intact between sessions.

    • Transient Identifier Format: Specifies whether to use this format and make it the default identifier format. A transient identifier expires between sessions.

    • Use Proxied Requests: Enables proxying for the service provider. If disabled, no proxying is allowed.

      For example, the service provider can authenticate a user to IDP B through IDP A when no trust relationship exists between the service provider and IDP B. This feature is allowed by default, but you can disable the service provider’s ability to use proxied requests. To use proxied requests, you must specify Silent Login on IDP A.

      Proxying can also be used to achieve single sign-on when the trust authentication types and contracts differ between identity providers, or when identity providers are using multiple protocols, such as when one identity provider communicates via SAML 2.0 and another uses Liberty.

    • Provide Discovery Services: Advertises to the service provider the Web services available at the Identity Server. This option is required if the identity provider is to provide services to the service provider.

  3. Click OK.
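The two defaults configured above (the response binding used when the request names none, and the identifier format made the default) are easiest to reason about as a small resolution step. The following is an added illustration, not NetIQ/Novell code: it assumes SAML 2.0 attribute and element names for the incoming request, a hypothetical config dictionary standing in for the Access > Authentication settings, and a constructed sample request.

```python
"""Resolve response binding and identifier format for an authentication
request from the defaults configured for a trusted service provider.
Added illustration; the config dict and the request below are constructed."""
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Hypothetical stand-in for the Access > Authentication page settings.
IDP_CONFIG = {
    "default_binding": ARTIFACT,           # Authentication Response Binding
    "default_nameid_format": PERSISTENT,   # Persistent Identifier Format chosen as default
    "allowed_nameid_formats": {PERSISTENT, TRANSIENT},
}


def resolve(authn_request_xml: str, config: dict = IDP_CONFIG) -> dict:
    """Return the binding and identifier format the IdP will respond with."""
    root = ET.fromstring(authn_request_xml)
    # A binding named in the request wins; the configured default fills the gap.
    binding = root.get("ProtocolBinding") or config["default_binding"]
    if binding not in (ARTIFACT, POST):
        raise ValueError(f"unsupported response binding: {binding}")
    policy = root.find("samlp:NameIDPolicy", NS)
    fmt = policy.get("Format") if policy is not None else None
    if fmt is None:
        fmt = config["default_nameid_format"]
    # A format the administrator did not enable for this SP is refused outright.
    if fmt not in config["allowed_nameid_formats"]:
        raise ValueError(f"identifier format not enabled for this SP: {fmt}")
    return {
        "binding": binding,
        "nameid_format": fmt,
        "back_channel": binding == ARTIFACT,       # Artifact: assertion fetched server-to-server
        "stored_in_directory": fmt == PERSISTENT,  # persistent identifiers survive sessions
    }


# Constructed request: no ProtocolBinding, transient identifier requested.
CONSTRUCTED_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_example1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    print(resolve(CONSTRUCTED_REQUEST))
```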