Enabling Web Sites With SAML Single Sign-On Functionality

This section discusses what back-end Web site developers must do to use the SAML single sign-on functionality provided by the SAML extension for Novell® iChain®.

A SAML single sign-on transaction has a referring site, where the user originally authenticated, and a receiving site, which is a partner site the user wants to access. The referring site is responsible for creating a SAML assertion on behalf of the user and redirecting that user to the appropriate SAML receiving resource on the receiving site. The receiving site is responsible for accepting the SAML assertion, authenticating the user, and providing the user with the target resource. A Web site developer can use the SAML extension for iChain so that a site acts as both a referring site and a receiving site.

This section discusses the following topics: