This page shows how to migrate a production SP deployment to support SAML V2.0 Web Browser SSO. We assume the SP deployment is currently consuming SAML V1.1 assertions and has the ability to consume SAML V2.0 assertions.
Preconditions:
- The SP deployment is currently in production
- The SP deployment is currently consuming SAML V1.1 assertions
- The SP software supports both SAML V1.1 and SAML V2.0
Procedure:
- Add one or more SAML 2.0 endpoints to metadata
- Add an encryption key to metadata
- Wait for the newly updated metadata to propagate throughout the Federation
- Configure the software with the corresponding decryption key
- Configure the software to issue SAML V2.0 authentication requests
Procedural details:
TBD