Configuring back-channel authentication (SAML)
Depending on your browser single sign-on (SSO) use cases, the administrative console prompts you to configure authentication requirements for inbound messages, outbound messages, or both.
About this task
See the following table for more information about the back-channel configuration (SAML) authentication requirements.
Use case | Back-channel authentication requirements | Back-channel messages |
---|---|---|
A connection is configured with a SAML ACS endpoint that uses the artifact binding on Protocol Settings → Assertion Consumer Service URL. |
Inbound |
Artifact resolution requests |
A connection is configured with a SAML 2.0 SLO endpoint that uses the artifact binding on Protocol Settings → SLO Service URLs. |
Inbound |
Artifact resolution requests SOAP messages |
A connection is configured with a SAML 2.0 SLO endpoint that uses the SOAP binding on Protocol Settings → SLO Service URLs. |
Outbound |
SOAP SLO messages |
The SAML 2.0 Artifact binding is enabled on Protocol Settings → Allowable SAML Bindings. |
Outbound |
Outbound artifact resolution requests |
The SOAP binding is enabled on Protocol Settings → Allowable SAML Bindings. |
Inbound |
Inbound SOAP messages |
The SAML 2.0 Attribute Query profile is enabled on the Connection Options tab. |
Inbound |
Inbound Attribute Query requests |
Steps
-
See subsequent topics for configuration steps.