SAML 1.1 service provider worksheet
If you assume the role of the service provider in the federation, and use SAML 1.1, record your configuration information in the following tables.

| General Information | Description | Your value |
|---|---|---|
| Federation name | The unique name you give to the federation. | |
| Role | The role you provide in the federation. (In these instructions, you are the service provider.) | Service provider |
| Company name | The name of the company creating this provider. | |

| Federation Protocol | Description | Your value |
|---|---|---|
| Protocol | The SAML protocol you and the partner use in the federation. | SAML 1.1 |

| Point of contact server | Description | Your value |
|---|---|---|
| Point of contact server URL | The URL that provides access to the endpoints on the point of contact server. | |

| Sets | Description | Your value |
|---|---|---|
| Enable one-time assertion use enforcement | This setting is to ensure the SAML assertion is used only once. | - True<br>- False |
| Include the following attribute types in the SAML assertions | Provide attribute types in the value text box. A "*" means include all types. It is selected by default. | |
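
What one-time assertion use enforcement amounts to on the service provider side, as an added example that is not IBM Security Verify Access code: a replay cache keyed on the assertion's Issuer and AssertionID, kept until the assertion can no longer be valid. The class name, the 60-second clock skew, the sample assertion and the choice to reject assertions without NotOnOrAfter are assumptions, and signature validation is assumed to have happened before `accept()` is called.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML11 = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.x assertion namespace
CLOCK_SKEW = timedelta(seconds=60)  # assumed tolerance between IdP and SP clocks

# Constructed sample assertion (not from a real identity provider).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-0001"
    Issuer="https://idp.example.com" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


class AssertionReplayCache:
    """Hypothetical single-process cache; call only after signature validation."""

    def __init__(self):
        self._seen = {}  # (Issuer, AssertionID) -> time after which it is invalid

    def accept(self, assertion_xml, now):
        """Return (accepted, reason) and record the assertion when accepted."""
        root = ET.fromstring(assertion_xml)
        cond = root.find(SAML11 + "Conditions")
        issuer, assertion_id = root.get("Issuer"), root.get("AssertionID")
        not_after = cond.get("NotOnOrAfter") if cond is not None else None
        if root.tag != SAML11 + "Assertion" or not (issuer and assertion_id and not_after):
            # Without NotOnOrAfter the entry could never be evicted safely.
            return False, "malformed"
        expiry = datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc) + CLOCK_SKEW
        if now >= expiry:
            return False, "expired"
        # Entries past their expiry are rejected above anyway, so drop them.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        key = (issuer, assertion_id)
        if key in self._seen:
            return False, "replayed"
        self._seen[key] = expiry
        return True, "accepted"


if __name__ == "__main__":
    cache = AssertionReplayCache()
    t = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    print(cache.accept(SAMPLE, t))                          # first presentation
    print(cache.accept(SAMPLE, t + timedelta(seconds=30)))  # same assertion again
```

In a clustered deployment the cache has to be shared between nodes, otherwise the same assertion can be accepted once per node.
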

| Signatures | Description | Your value |
|---|---|---|
| Sign Artifact Resolution Requests | A check box that indicates that you will sign request messages. Default value: No signing. The check box is not selected. | One of the following:<br>- Sign request messages. (Select check box.)<br>- Do not sign request messages. (Clear check box.) |
| Select Signing Key | - Keystore in IBM Security Verify Access key service, where the key is stored<br>- Private key you will use to sign request messages<br><br>If you select the check box, you must supply the signing key that you will use to sign the requests. Be sure you have created the key and imported it into the appropriate keystore in the IBM Security Verify Access key service prior to this task. | - Keystore name<br>- Certificate Label |

| Identity mapping | Description | Your value |
|---|---|---|
| Identity mapping options | - Use JavaScript transformation for identity mapping<br>- Use an external web service for identity mapping | |

If you configure an identity provider, this mapping specifies how to create an assertion containing attributes mapped from a local user account. If you configure a service provider, this mapping specifies how to match an assertion from the partner to the local user accounts.
If you choose JavaScript for mapping, on a subsequent panel, you are asked to select the JavaScript file to use. If you choose an external web service, on a subsequent panel, you are asked to provide the following information:
- URI format (HTTP or HTTPS)
- Web service URI
- Server Certificate database, if the URI format is HTTPS
- Client authentication type, if the URI format is HTTPS
- Message format:
  - XML
  - WS-Trust