
Configuring Support for Enhanced Client or Proxy

Prerequisites

The ECP knows or is capable of discovering which identity provider the service provider trusts.

Context

The Enhanced Client or Proxy (ECP) profile of the SAML 2.0 specification is useful in the following situations:

  • You have a client with extended capabilities and you want the client to take on more responsibility in the exchange. For example, the client can determine the appropriate identity provider.

  • Your client has limited capabilities, so you delegate some of these tasks to an enhanced proxy, for example, a wireless access point (WAP).

  • You cannot use other bindings. Some possible examples are as follows:

    • The client does not support redirects.

    • The client does not support JavaScript, preventing auto form post.

    • A firewall prevents the identity provider and service provider from communicating directly, preventing the artifact binding.

The ECP profile enables the client to contact the identity provider with the authentication request generated by the service provider. Exchanges between the ECP and the service provider use PAOS, the reverse SOAP binding.

Procedure

  1. Start the SAML 2.0 configuration application (transaction SAML2).
  2. On the Local Provider tab, choose the Service Provider Settings tab.
  3. Choose the Edit pushbutton.
  4. Under Assertion Consumer Service, make sure that you have selected PAOS as a supported binding.
  5. Save your entries.
  6. Configure the identity provider to support the PAOS solution.

    For more information, see the documentation supplied by the identity provider vendor.
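To confirm the result of step 4, you can check that the service provider's SAML 2.0 metadata advertises an Assertion Consumer Service endpoint with the PAOS binding. The following Python check is an added example, not part of the SAP documentation or product. It assumes you have the metadata as XML from a trusted source; the sample metadata, entity ID and URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
PAOS_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"

# Constructed sample metadata; entityID and endpoint URLs are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml2/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
        Location="https://sp.example.test/saml2/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def paos_endpoints(metadata_xml):
    """Return (index, location) for every ACS endpoint that uses the PAOS binding."""
    # SAML metadata has no use for DTDs; reject them before parsing.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(metadata_xml)
    found = []
    for acs in root.findall(".//md:SPSSODescriptor/md:AssertionConsumerService", MD_NS):
        if acs.get("Binding") == PAOS_BINDING:
            found.append((int(acs.get("index")), acs.get("Location")))
    return sorted(found)


def check_ecp_support(metadata_xml):
    """Return a list of problems; an empty list means PAOS is advertised over HTTPS."""
    endpoints = paos_endpoints(metadata_xml)
    if not endpoints:
        return ["no AssertionConsumerService with the PAOS binding"]
    return [f"PAOS endpoint {i} is not HTTPS: {loc}"
            for i, loc in endpoints if urlparse(loc).scheme != "https"]


if __name__ == "__main__":
    print(paos_endpoints(SAMPLE_METADATA))
    print(check_ecp_support(SAMPLE_METADATA) or "ECP (PAOS) binding advertised")
```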