How do I configure IdP or SP initiated Single Sign On in Identity Cloud or AM (All versions)?
The purpose of this article is to provide information on configuring IdP or SP initiated Single Sign On (SSO) in ForgeRock Identity Cloud or AM.
Configuring IdP or SP initiated Single Sign On
There are two JSP pages that you can include in the URL called when a user logs in to initiate SSO, depending on whether the flow is IdP or SP initiated: idpSSOInit.jsp or spSSOInit.jsp respectively. For example, the following URL starts SP initiated single sign on:

https://sp.example.com:8443/am/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=https%3A%2F%2Fidp.example.com%3A8443%2Fam

Optionally, you can call the same endpoints as idpssoinit or spssoinit directly under the context root instead of the full JSP path. For example, the following URL starts IdP initiated single sign on:

https://idp.example.com:8443/am/idpssoinit?metaAlias=/idp&spEntityID=https%3A%2F%2Fsp.example%3A8443%2Fopenam
You can then specify the required parameters in the URL to control the resulting login behavior, using & to separate different parameters. See JSP pages for SSO and SLO (Identity Cloud) or JSP pages for SSO and SLO (AM) for further information on these parameters.
The metaAlias parameter must be included in every IdP or SP initiated login URL, together with either the spEntityID parameter (for IdP initiated logins) or the idpEntityID parameter (for SP initiated logins):
metaAlias - the local alias for the provider, in the format /realmname/providername. For the top level realm, omit the realmname element and specify just /providername.
spEntityID - the entity ID of the remote service provider (for IdP initiated logins); it must be URL encoded. For example, for the remote service provider https://sp.example:8443/am, you would specify https%3A%2F%2Fsp.example%3A8443%2Fam.
idpEntityID - the entity ID of the remote identity provider (for SP initiated logins); it must be URL encoded in the same way as spEntityID.
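The following script is an added example, not code from the original article or from ForgeRock: it builds the IdP and SP initiated URLs described above (both the full JSP path and the short idpssoinit/spssoinit form), URL encodes the remote entity ID, and checks a candidate URL for the two mistakes that most often break these flows, a missing metaAlias and the wrong or missing entity ID parameter for the chosen endpoint. The host names, entity IDs and the optional extra-parameter dictionary are assumptions for illustration; any extra parameters you pass are assumed to be valid for your AM version.

```python
"""Build and sanity-check IdP- and SP-initiated SAML 2.0 SSO URLs for AM / Identity Cloud.

Added example; host names and entity IDs below are constructed for illustration.
"""
from urllib.parse import quote, urlsplit, parse_qs

# Endpoint paths relative to the AM context root, as described in the article.
ENDPOINTS = {
    "idp": {"jsp": "/saml2/jsp/idpSSOInit.jsp", "short": "/idpssoinit"},
    "sp":  {"jsp": "/saml2/jsp/spSSOInit.jsp",  "short": "/spssoinit"},
}
# The parameter naming the *remote* provider depends on which side initiates.
REMOTE_PARAM = {"idp": "spEntityID", "sp": "idpEntityID"}


def meta_alias(provider_name, realm=""):
    """Return /realmname/providername, or /providername for the top level realm."""
    if not provider_name or "/" in provider_name:
        raise ValueError("provider name must be a single non-empty path element")
    realm = realm.strip("/")
    return f"/{realm}/{provider_name}" if realm else f"/{provider_name}"


def build_sso_url(base_url, initiator, alias, remote_entity_id, style="jsp", extra=None):
    """Compose an SSO-initiation URL.

    base_url          AM deployment URL including the context root, e.g. https://sp.example.com:8443/am
    initiator         'idp' or 'sp' (the side that starts the flow)
    alias             local metaAlias, e.g. /sp
    remote_entity_id  entity ID of the other provider; URL encoded here (':' -> %3A, '/' -> %2F)
    style             'jsp' for the full JSP path, 'short' for idpssoinit / spssoinit
    extra             optional dict of additional query parameters (assumed valid for your AM version)
    """
    if initiator not in ENDPOINTS:
        raise ValueError("initiator must be 'idp' or 'sp'")
    if not alias.startswith("/"):
        raise ValueError("metaAlias must start with '/'")
    params = [
        ("metaAlias", alias),  # slashes are legal in a query value; the article shows it unencoded
        (REMOTE_PARAM[initiator], quote(remote_entity_id, safe="")),
    ]
    for key, value in (extra or {}).items():
        params.append((key, quote(str(value), safe="")))
    query = "&".join(f"{k}={v}" for k, v in params)
    return f"{base_url.rstrip('/')}{ENDPOINTS[initiator][style]}?{query}"


def check_sso_url(url):
    """Return a list of problems with an SSO-initiation URL (empty list means it looks correct).

    Checks: the path is one of the four known endpoints, metaAlias is present and starts
    with '/', and the entity ID parameter matches the endpoint (spEntityID for IdP
    initiated, idpEntityID for SP initiated).
    """
    parts = urlsplit(url)
    initiator = None
    for side, paths in ENDPOINTS.items():
        if parts.path.endswith(tuple(paths.values())):
            initiator = side
    if initiator is None:
        return ["path is not an idpSSOInit/spSSOInit (or idpssoinit/spssoinit) endpoint"]

    problems = []
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes %3A / %2F back to ':' and '/'
    if not qs.get("metaAlias", [""])[0].startswith("/"):
        problems.append("metaAlias missing or not starting with '/'")
    wanted = REMOTE_PARAM[initiator]
    if not qs.get(wanted, [""])[0]:
        problems.append(f"{wanted} missing (required for {initiator}-initiated SSO)")
    other = REMOTE_PARAM["sp" if initiator == "idp" else "idp"]
    if other in qs:
        problems.append(f"{other} given but the endpoint is {initiator}-initiated; use {wanted}")
    return problems


if __name__ == "__main__":
    # Constructed sample values matching the article's two example URLs.
    print(build_sso_url("https://sp.example.com:8443/am", "sp", meta_alias("sp"),
                        "https://idp.example.com:8443/am"))
    print(build_sso_url("https://idp.example.com:8443/am", "idp", meta_alias("idp"),
                        "https://sp.example:8443/openam", style="short"))
    print(check_sso_url("https://idp.example.com:8443/am/idpssoinit?metaAlias=/idp"))
```

Running the script prints the SP initiated and IdP initiated URLs in the same form as the two examples above, then reports that the third URL is missing spEntityID, which is the kind of malformed IdP initiated URL that produces a Service Provider ID error rather than a login page.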
How do I redirect to a specific page after a successful IdP or SP initiated login in Identity Cloud or AM (All versions)?
SP initiated login fails in Identity Cloud or AM (All versions) with Service Provider ID is null error
How do I configure IdP or SP initiated Single Logout in Identity Cloud or AM (All versions)?
SAML 2.0 federation in Identity Cloud
SSO and SLO in standalone mode (Identity Cloud)
SSO and SLO in standalone mode (AM)
ForgeRock Access Management Deep Dive (AM-410)