The profile specifies what methods of communication are available at the server for the Liberty protocol. These settings affect the metadata for the server and should be determined prior to publishing to other sites. If you have set up trusted providers, and then modify these profiles, the trusted providers need to reimport the metadata from this Identity Server.
In the Administration Console, click
> > > > .Configure the following fields for identity providers and service providers:
Login: Specifies whether to support Artifact or Post binding for login. Select one or more of the following for the identity provider and the service provider:
The
binding provides an increased level of security by using a back channel means of communication between the two servers during authentication.The
method uses HTTP redirection to accomplish communication between the servers.Single Logout: Specifies the communication method to use when the user logs out. Typically, you select both of these options, which enables the identity provider or service provider to accept both HTTP and SOAP requests. SOAP is used if both options are selected, or if the service provider has not specified a preference.
HTTP: Uses HTTP 302 redirects or HTTP GET requests to communicate logout requests from this identity site to the service provider.
SOAP: Uses SOAP over HTTP messaging to communicate logout requests from this identity provider to the service provider.
Federation Termination: Specifies the communication channel to use when the user selects to defederate an account. Typically, you select both of these options, which enables the identity provider or service provider to accept both HTTP and SOAP requests. SOAP is the default setting if the service provider has not specified a preference.
HTTP: Uses HTTP 302 redirects to communicate federation termination requests from this server.
SOAP: Uses SOAP back channel over HTTP messaging to communicate logout requests from this server
Register Name: Specifies the communication channel to use when the provider supplies a different name to register for the user. Typically, you select both of these options, which enables the identity provider or service provider to accept both HTTP and SOAP requests. SOAP is the default setting if the service provider has not specified a preference.
HTTP: Uses HTTP 302 redirects to communicate federation termination requests from this server.
SOAP: Uses SOAP back channel over HTTP messaging to communicate logout requests from this server.
Click
, then update the Identity Server.(Conditional) If you have set up trusted providers and have modified the profile, these providers need to reimport the metadata from this Identity Server.