SAML 2.0 endpoints and URLs
Communications within a federation take place through endpoints on the servers of the identity provider and service provider partners. In an ISAM environment, endpoints fall into two categories:
- Endpoints that are specified by the federation specification (such as SAML 2.0) and are used for partner-to-partner communication.
- Endpoints that end users can access to initiate a single sign-on activity.
All endpoints can be accessed through URLs. The syntax of the URLs is specific to the purpose of the access and whether the access is by a partner or by an end user.
URLs for partner communication
The URLs used for partner-to-partner communication, such as the exchange of requests, in SAML 2.0 federations are referred to collectively as endpoint URLs. They can also be individually referred to by the name of the protocol and binding or service they are related to. Administrators who are responsible for installing, configuring, and maintaining the ISAM environment and the partner-to-partner communication in that environment will see references to these endpoint URLs and might find it helpful to understand their purpose. See Endpoint URL specifications.
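The endpoint URLs that partners exchange are normally published in SAML 2.0 metadata, where each one is named by its role, service element and binding. As an added example (not code from the ISAM documentation or product), the following Python script reads a constructed metadata document, lists the partner-facing endpoints by role, service and binding, and flags any endpoint that is not served over HTTPS or that points at a host other than the entity ID's host. The entity ID, hostnames and paths are constructed, and the same-host rule is an assumption of this example rather than a SAML requirement.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace of SAML 2.0 metadata (md:EntityDescriptor and its children).
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Short names for the SAML 2.0 binding URIs used in metadata.
BINDING_NAMES = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact": "HTTP-Artifact",
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP": "SOAP",
}

# Constructed sample metadata for a fictional identity provider.
# The single logout endpoint is deliberately published over plain http
# so that the audit below has something to report.
SAMPLE_IDP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml20">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml20/login"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml20/login"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.test/saml20/slo"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_endpoints(metadata_xml):
    """Return (role, service, binding, location) tuples for every endpoint
    element (any md:*Service child of an IdP or SP role descriptor).

    Partner metadata is untrusted input; for production use parse it with
    defusedxml or an equivalently hardened parser instead of plain ElementTree."""
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for role_tag in ("IDPSSODescriptor", "SPSSODescriptor"):
        for role in root.findall(f"md:{role_tag}", NS):
            for elem in role:
                # Strip the namespace prefix from the element tag.
                tag = elem.tag.split("}", 1)[1] if "}" in elem.tag else elem.tag
                binding = elem.get("Binding")
                location = elem.get("Location")
                if tag.endswith("Service") and binding and location:
                    endpoints.append(
                        (role_tag, tag, BINDING_NAMES.get(binding, binding), location)
                    )
    return endpoints


def check_endpoint_url(location, expected_host):
    """Return a list of problems with one endpoint URL (empty when it is fine)."""
    problems = []
    parsed = urlparse(location)
    if parsed.scheme != "https":
        problems.append("scheme is %r, expected https" % parsed.scheme)
    # Same-host rule: an assumption of this example, not a SAML requirement.
    if parsed.hostname != expected_host:
        problems.append("host %r differs from entityID host %r" % (parsed.hostname, expected_host))
    return problems


def audit_metadata(metadata_xml):
    """Map each problematic endpoint location to its list of problems."""
    root = ET.fromstring(metadata_xml)
    expected_host = urlparse(root.get("entityID", "")).hostname
    findings = {}
    for _role, _service, _binding, location in parse_endpoints(metadata_xml):
        problems = check_endpoint_url(location, expected_host)
        if problems:
            findings[location] = problems
    return findings


if __name__ == "__main__":
    for role, service, binding, location in parse_endpoints(SAMPLE_IDP_METADATA):
        print(f"{role}: {service} [{binding}] -> {location}")
    for location, problems in audit_metadata(SAMPLE_IDP_METADATA).items():
        print(f"PROBLEM {location}: {'; '.join(problems)}")
```

Running the script lists the two single sign-on endpoints and the single logout endpoint, and reports the logout endpoint because its location uses http rather than https.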
URLs for user access
While the SAML specifications define the endpoints for partner-to-partner communication, they provide limited or no guidance about the endpoints or methods that end users must use to initiate single sign-on actions. ISAM supports specific URLs for end-user initiation of single sign-on actions.
In a SAML 2.0 federation, single sign-on actions can be initiated at the identity provider site or the service provider site. URLs that users can use to initiate a sign-on action are specific to the single sign-on action, such as initiating a federated sign-on, performing a single logout, or ending account linkage. They are also specific to whether the action is being initiated at the identity provider or service provider site. In an ISAM environment, the URLs that can be used for initiating sign-on actions are referred to as profile initial URLs. Architects and application developers, who design and implement the interactions of their users with the single sign-on process, need to understand profile initial URLs.
Parent topic: SAML profiles