...
- Update the metadata for SAML V2.0
- Add one or more SAML V2.0 endpoints to metadata
- Add an encryption key to metadata (if necessary)
- Wait for the newly updated metadata to propagate throughout the Federation
- Configure the software for SAML V2.0 Web Browser SSO
- Configure the software with the corresponding decryption key (if necessary)
- Configure the software to issue SAML V2.0 authentication requests
- Configure the software to consume SAML V2.0 assertion responses
...
The software is also configured to issue SAML V2.0 authentication requests and consume SAML V2.0 assertion responses at step 3. One or more endpoint configurations are required, depending on the <md:AssertionConsumerService> endpoint(s) added to metadata at step 1. To test your software's ability to consume SAML V2.0 assertion responses, independently push an unsolicited response to each configured <md:AssertionConsumerService> endpoint enabled at the previous step. Unsolicited responses are . Since an unsolicited response is initiated at the IdP and are described in the FAQ, an explicit authentication request is bypassed, which simplifies testing. (See the FAQ for more details about unsolicited responses).
Finally, test your software's ability to issue SAML V2.0 authentication requests by initiating SAML Web Browser SSO at the SP itself.