Browser-based SSO (also known as Browser SSO) relies on a user's web browser and HTTP requests to broker identity-federation messaging (in XML or JWT) between an IdP and an SP (in contrast to WS-Trust STS messaging, which is typically application-driven across the back channel and does not require browser mediation).

To continue, click Configure Browser SSO.


Many steps involved in setting up a federation connection are protocol-independent; that is, they are required steps for all connections, regardless of the associated standards (see Federation roles). Also, for any given connection, some configuration steps are required under the applicable protocol, while others are optional. Still others are required only based on certain selections. The administrative console determines the required and optional steps based on the protocol and dynamically presents additional requirements or options based on selections.

The following sections provide sequential information about every step you might encounter while configuring browser-based SSO, regardless of the protocol you are using for a particular connection.

SAML 2.0 configuration steps

SAML 1.x configuration steps

WS-Federation configuration steps

OpenID Connect configuration steps

After configuring SSO settings, you will normally need to configure authentication credentials, the range of which depends on your SSO selections (see Configuring security credentials). Also, other configuration tasks may remain to be configured for new or modified connections, depending on the selected options on the Connection Options screen.