To enable the system to verify the identity of requestors, configure the identity provider (IdP) for your SAML SSO authentication service. You configure the identity provider by importing values from a file or by entering them manually.
- Open the service from the navigation panel in Dev Studio by clicking and choosing a service from the instance list. On the SAML 2.0 tab, navigate to the Identity Provider (IdP) information section.
- If you are configuring the identity provider by importing the configuration, complete
- Click Import IdP metadata.
- Select the source of the metadata ( via URL or via file ), and then enter the URL or file path.
- Click Submit.
- If you are configuring the identity provider by entering values manually, complete
- In the Entity Identification (Issuer) field, enter the entity ID for the identity provider.
- In the Login (SSO) protocol binding list, select the
standard communication protocol that is supported for the response message:
- HTTP POST – SAML protocol messages are transmitted in an HTML form with base64-encoded content.
- HTTP Artifact – SAML protocol messages are transmitted using a unique identifier called an artifact. Select this protocol if you do not want to expose the content of the SAML message during connection.
- HTTP Redirect – SAML protocol messages are transmitted within URL parameters.
- In the Login location field, enter a login service.
- In the Logout (SLO) protocol binding list, select the standard communication protocol that is supported for the response message: HTTP Redirect or SOAP.
- Optional: In the Logout location field, enter a logout service.
- If your Login (SSO) protocol binding is HTTP Artifact, then in the Artifact Resolution Service (ARS) location field, enter the URL that is used by the service provider to send the artifact resolve request to the Identity Provider. Otherwise, leave the field blank.
- In the Verification certificate section, click the Pencil icon to enter the certificate alias.
- In the CERTIFICATE STORE field, press the Down Arrow key
and select the keystore that contains the IdP public key that is used for verifying
the signature of the SAML assertion.
- Click Submit.
- Optional: In the TLS/SSL truststore field, press the Down Arrow key
and select the truststore record that contains the server certificate for a TSL or SSL
- Click Save.