How do I configure IdP or SP initiated Single Sign On in Identity Cloud or AM (All versions)?
The purpose of this article is to provide information on configuring IdP or SP initiated Single Sign On (SSO) in ForgeRock Identity Cloud or AM.
Configuring IdP or SP initiated Single Sign On
There are two JSP pages you can include in the URL called when a user logs in to initiate SSO, depending on whether the flow is IdP or SP initiated: idpSSOInit.jsp or spSSOInit.jsp respectively. For example, the following URL would provide single sign on initiated by the SP:
https://sp.example.com:8443/am/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=https%3A%2F%2Fidp.example.com%3A8443%2Fam
Optionally, you can call the JSP using idpssoinit or spssoinit under the context root instead. For example, the following URL would provide single sign on initiated by the IdP:
https://idp.example.com:8443/am/idpssoinit?metaAlias=/idp&spEntityID=https%3A%2F%2Fsp.example%3A8443%2Fopenam
You can then specify the required parameters in the URL to control the resulting login behavior, using & to separate parameters. See JSP pages for SSO and SLO (Identity Cloud) or JSP pages for SSO and SLO (AM) for further information on these parameters.
The metaAlias parameter must be included in an IdP or SP initiated login URL, together with either the spEntityID parameter (for IdP initiated logins) or the idpEntityID parameter (for SP initiated logins):
- metaAlias - this specifies the local alias for the provider in the format /realmname/providername. For the top level realm, exclude the realmname element, that is, just include /providername.
- spEntityID - this specifies the remote service provider (for IdP initiated logins) and must be URL encoded. For example, for remote service provider https://sp.example:8443/am, you would specify: https%3A%2F%2Fsp.example%3A8443%2Fopenam
- idpEntityID - this specifies the remote identity provider (for SP initiated logins) and must be URL encoded.
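The URL rules above (endpoint per initiating side, metaAlias format, URL-encoded remote entity ID, & between parameters) as an added Python example; this is not ForgeRock code, and the hostnames, provider names and the RelayState value are constructed. It builds either kind of initiation URL and also checks an existing URL for the mistakes the article warns about (missing or wrong partner parameter, unencoded entity ID), which is the check you want before handing a link to an application team.

```python
"""Build and sanity-check AM IdP- or SP-initiated SSO URLs (added example; hosts are constructed)."""
from urllib.parse import quote, urlencode, urlsplit

# Short endpoint under the context root for each initiating side, and the
# remote-partner parameter that side must supply.
_ENDPOINT = {"idp": "idpssoinit", "sp": "spssoinit"}
_REMOTE_PARAM = {"idp": "spEntityID", "sp": "idpEntityID"}
# Both URL forms described in the article map back to an initiating side.
_SIDE_OF = {"idpssoinit": "idp", "idpSSOInit.jsp": "idp",
            "spssoinit": "sp", "spSSOInit.jsp": "sp"}


def meta_alias(provider: str, realm: str = "/") -> str:
    """/realmname/providername, or just /providername for the top-level realm."""
    realm = realm.strip("/")
    return f"/{realm}/{provider}" if realm else f"/{provider}"


def sso_init_url(base_url: str, initiator: str, provider: str,
                 remote_entity_id: str, realm: str = "/", **extra: str) -> str:
    """Assemble the URL for the given side ('idp' or 'sp'); extra keywords become more parameters."""
    if initiator not in _ENDPOINT:
        raise ValueError("initiator must be 'idp' or 'sp'")
    # The entity ID is percent-encoded (':' -> %3A, '/' -> %2F); metaAlias is sent as-is.
    query = [f"metaAlias={meta_alias(provider, realm)}",
             f"{_REMOTE_PARAM[initiator]}={quote(remote_entity_id, safe='')}"]
    if extra:
        query.append(urlencode(extra))
    return f"{base_url.rstrip('/')}/{_ENDPOINT[initiator]}?{'&'.join(query)}"


def check_sso_init_url(url: str) -> list:
    """Return the problems found in an SSO initiation URL; an empty list means it looks right."""
    parts = urlsplit(url)
    side = _SIDE_OF.get(parts.path.rsplit("/", 1)[-1])
    if side is None:
        return [f"unrecognised endpoint in path {parts.path!r}"]
    # Keep the raw (still-encoded) values so the encoding of the entity ID can be checked.
    raw = dict(p.split("=", 1) for p in parts.query.split("&") if "=" in p)
    problems = []
    if not raw.get("metaAlias", "").startswith("/"):
        problems.append("metaAlias missing or not of the form /realmname/providername")
    needed = _REMOTE_PARAM[side]
    if needed not in raw:
        problems.append(f"{needed} is required for {side}-initiated SSO")
    elif ":" in raw[needed] or "/" in raw[needed]:
        problems.append(f"{needed} must be URL encoded")
    return problems
```

For example, `sso_init_url("https://sp.example.com:8443/am", "sp", "sp", "https://idp.example.com:8443/am", RelayState="https://sp.example.com/app")` yields the spssoinit form of the SP-initiated URL above with a RelayState appended after a further &.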
See Also
How do I configure IdP or SP initiated Single Logout in Identity Cloud or AM (All versions)?
SAML 2.0 federation in Identity Cloud
SSO and SLO in standalone mode (Identity Cloud)
SSO and SLO in standalone mode (AM)
Related Training
ForgeRock Access Management Deep Dive (AM-410)
Related Issue Tracker IDs
N/A