The settings your IdP manages include:
  • User attributes that you expect to send in a single sign-on (SSO) token, including SAML assertions, WS-Trust STS SAML tokens, or WS-Federation JSON Web Tokens (JWT).
  • User attributes that are sent using the SAML Attribute Query profile, if that profile is used. For more information, see Configuring the Attribute Query profile in an SP connection.
  • The protocol, profiles, and bindings of the connection, including detailed security specifications such as the use of back-channel authentication, digital signatures, signature verification, and XML encryption.

To establish a connection, you and your partner must agree on this information in advance. For more information, see Federation planning checklist.

If your agreement includes sending assertions containing attribute values from local datastores, you must define the required datastores. For more information, see Datastores.

Administrative interface

Manage connection settings using the SP Affiliations window, accessed from System > Protocol Metadata, which organizes the settings into a series of primary tasks.

Some primary tasks have one or more levels of sub task. Each primary or sub task has its own tab for managing one or more settings. You can move to a sibling task using the Next or Previous button. If you are on a sub task, you can also move to its parent task using the Done button.

When creating a new connection, you can save your progress using the Save Draft button. Not all windows offer this option. When you reach the Activation & Summary tab, you must click Save to complete the new connection.

When editing an existing connection, make changes and then click Save to commit your changes. You are not required to step through all windows to reach the Activation & Summary window before you can save your changes.

Note:

The Save button is available on most tabs. If a window does not show a Save button, click Next or Done until you reach a window where you can use its Save button to commit your changes.