0
votes

I am currently in the process of doing an SP Initiated SSO.

  • The IDP is PingOne
  • The SP (us) is openAM

I have always been doing IDP Initiated SSO.

So we have the IDP Initiated SSO setup and everything is working perfectly. We now have to make it SP Initiated.

I understand the theory behind it but I have no clue how to implement it!

So far I was thinking that the URL I need to give them is something like this, maybe:

https://sso/saml2/jsp/spSSOInit.jsp?metaAlias=/{idpRealm}/sp&idpEntityID={idpEntityId}

But when I hit that I get nothing, just a blank page?

Some help would definitely be welcome :)


2 Answers

0
votes

The URL should be more like:

https://sp.example.com:8080/openam/spssoinit?metaAlias=/{spRealm}/{spMetaAlias}&idpEntityID={idpEntityID}

/spssoinit is actually just a shortcut to /saml2/jsp/spSSOInit.jsp, so you should be able to use either of those. The main point here really is that the metaAlias is always the hosted entity's. If you don't know the exact metaAlias value, you should be able to look it up under the (hosted) entity's configuration in the admin console under the Services tab.

0
votes

It should be like this for SP-initiated SSO:

https://youropenam.com:8443/OpenAM-13.0.0/saml2/jsp/spSSOInit.jsp?metaAlias=/YOUR_SP_ALIAS/sp&NameIDFormat=transient&idpEntityID=your_IdP_encoded&binding=HTTP-POST&RelayState=Your_SP_endpoint
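
Both answers above describe the same URL shape. As an added example (not part of either answer and not OpenAM's own code), this Python helper assembles that URL with percent-encoded query values, using the hosted SP's metaAlias. The host names, realm, function name and the RelayState allow-list check are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample value: hosts this SP is willing to send users to after login.
ALLOWED_RELAY_HOSTS = {"sp.example.com"}


def build_sp_sso_init_url(base, sp_realm, sp_meta_alias, idp_entity_id,
                          binding=None, name_id_format=None, relay_state=None):
    """Build an SP-initiated SSO URL for OpenAM's /spssoinit shortcut.

    base          -- OpenAM deployment URL of the SP, e.g. https://host:8080/openam
    sp_realm      -- realm of the *hosted SP* (not the IdP); "" for the root realm
    sp_meta_alias -- metaAlias name of the hosted SP, e.g. "sp"
    idp_entity_id -- entity ID of the remote IdP, passed unencoded
    """
    realm = sp_realm.strip("/")
    alias = sp_meta_alias.strip("/")
    if not alias:
        raise ValueError("the hosted SP's metaAlias is required")
    # metaAlias is "/<realm>/<alias>", or "/<alias>" when the SP is in the root realm.
    meta_alias = "/" + "/".join(part for part in (realm, alias) if part)

    params = [("metaAlias", meta_alias), ("idpEntityID", idp_entity_id)]
    if binding:
        params.append(("binding", binding))
    if name_id_format:
        params.append(("NameIDFormat", name_id_format))
    if relay_state is not None:
        # RelayState is where the user lands after login, so only accept
        # HTTPS targets on hosts the SP owns (allow-list is an assumption).
        target = urlsplit(relay_state)
        if target.scheme != "https" or target.hostname not in ALLOWED_RELAY_HOSTS:
            raise ValueError("RelayState target is not on the allow-list")
        params.append(("RelayState", relay_state))

    # urlencode percent-encodes every value, so an entity ID that is itself
    # a URL cannot break out of its own query parameter.
    return base.rstrip("/") + "/spssoinit?" + urlencode(params)


if __name__ == "__main__":
    print(build_sp_sso_init_url(
        "https://sp.example.com:8080/openam", "customers", "sp",
        "https://idp.example.com/saml", binding="HTTP-POST",
        name_id_format="transient",
        relay_state="https://sp.example.com/app"))
```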