About this task
You can customize the protocol used for the TFIM assertion post URL so that it is https by ensuring that the Assertion Consumer Service URL contains https.
The Domino IdP Configuration document in the IdP Catalog specifies the Service Provider ID argument (SP_PROVIDER_ID) used in building the redirect URL to the IdP. For example, if SSL is not being configured for Domino, the redirect URL to the IdP looks like the example in step 2. The Provider ID can be set at the IdP and at Domino (in the IdP Configuration document) to specify https, although the primary purpose of SP_PROVIDER_ID is to have the IdP setting match the setting at Domino in the IdP Configuration document.
Note: If you specify https in the Assertion Consumer Service URL, you will see a connection error if SSL is not configured at the Domino Web server.
Procedure
1. Make note of the value in the Provider ID field in the TFIM Partners SAML Message Settings configuration.
2. If SSL is not being configured for Domino, use this value for the SP_PROVIDER_ID argument (in the following example, your_provider_id):
At the SAML IdP, the Provider ID is used to find the matching IdP partner.
When configuring SSL at the Domino Web server, if you are monitoring the redirect URL to the IdP, you should see the TARGET containing https:
https://your_WebSphere_server_name:9443/sps/saml11idp/saml11/login?SP_PROVIDER_ID=https://your_Domino_server_name&TARGET=https://your_Domino_server_name/names.nsf
Note: The Domino Web server name must be the fully qualified host name.
For more information on the SP_PROVIDER_ID argument, see the related topic on the Internet transfer URL.
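The check described above for a monitored redirect URL can be scripted. The following is an added example, not part of the original documentation: the function name `check_redirect`, the example.com host names, and the "host contains a dot" test for a fully qualified name are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def check_redirect(redirect_url, expected_provider_id):
    """Return a list of findings for a captured redirect URL to the IdP."""
    findings = []
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    # SP_PROVIDER_ID must equal the Provider ID noted at the IdP (step 1);
    # the IdP uses it to find the matching partner.
    sp_ids = params.get("SP_PROVIDER_ID", [])
    if len(sp_ids) != 1:
        findings.append("SP_PROVIDER_ID must appear exactly once")
    elif sp_ids[0] != expected_provider_id:
        findings.append("SP_PROVIDER_ID does not match the IdP Provider ID")

    # With SSL configured at the Domino Web server, TARGET should be https
    # and name the server by its fully qualified host name.
    targets = params.get("TARGET", [])
    if len(targets) != 1:
        findings.append("TARGET must appear exactly once")
    else:
        target = urlsplit(targets[0])
        if target.scheme != "https":
            findings.append("TARGET is not https")
        # Assumption: a fully qualified name has at least one interior dot.
        host = (target.hostname or "").strip(".")
        if "." not in host:
            findings.append("TARGET host is not fully qualified")
    return findings

# Constructed sample URLs (example.com hosts are placeholders).
BASE = "https://idp.example.com:9443/sps/saml11idp/saml11/login"
GOOD = BASE + ("?SP_PROVIDER_ID=https://domino.example.com"
               "&TARGET=https://domino.example.com/names.nsf")
BAD = BASE + ("?SP_PROVIDER_ID=https://domino.example.com"
              "&TARGET=http://domino/names.nsf")

if __name__ == "__main__":
    for label, url in (("good", GOOD), ("bad", BAD)):
        print(label, check_redirect(url, "https://domino.example.com"))
```
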
Related information: SAML 1.x initial URL; Configuring a port for SSL