Using Intersite Transfer Service Links on Web Pages

You can use the Intersite Transfer Service URL on a web page that provides links to various protected resources requiring authentication with a specific identity provider and a specific protocol. Links on this web page are configured with the URL of the Intersite Transfer Service of the identity provider to be used for authentication. Clicking these links directs the user to the appropriate identity provider for authentication. Following successful authentication, the identity provider sends a SAML assertion to the service provider. The service provider uses the SAML assertion to verify authentication, and then redirects the user to the destination URL as specified in the TARGET portion of the Intersite Transfer Service URL.

The following are sample links. These links demonstrate the use of SAML 1.1, SAML 2.0, and Liberty formats for the Intersite Transfer Service URL:

SAML 1.1: <a href="https://idp.sitea.example.com:8443/nidp/saml/idpsend?PID=https://idp.siteb.example.com:8443/nidp/saml/metadata&TARGET=https://eng.nam.example.com/saml1/myapp">SAML 1.1 example</a>

SAML 2.0: <a href="https://idp.sitea.example.com:8443/nidp/saml2/idpsend?PID=https://idp.siteb.example.com:8443/nidp/saml2/metadata&TARGET=https://eng.nam.example.com/saml2/myapp">SAML 2.0 example</a>

Liberty: <a href="https://idp.sitea.cit.example.com:8443/nidp/idff/idpsend?PID=https://idp.siteb.example.com:8443/nidp/idff/metadata&TARGET=https://eng.nam.example.com/liberty/myapp">Liberty example</a>

Figure 2-24 illustrates a network configuration:

Figure 2-24 Using the Intersite Transfer Service URL

In this example, Site Z places links on its web page, using the Intersite Transfer Service URL of Site A. These links trigger authentication at Site A. If authentication is successful, Site A sends an assertion to Site B. Site B verifies the authentication and redirects the user to the myapp application.
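The following added example (not product code) shows how the owner of a portal page such as Site Z could generate and audit these links before publishing them. The function names and the approved-host list are hypothetical, the path segments are taken from the sample links above, and the code assumes the identity provider decodes standard percent-encoded query values.

```javascript
// Added example, not product code. Path segments come from the sample links above.
const SEGMENTS = { "SAML 1.1": "saml", "SAML 2.0": "saml2", "Liberty": "idff" };

// Check TARGET: absolute, https, and on a host the portal owner approved.
function checkTarget(target, allowedHosts) {
  let t;
  try { t = new URL(target); } catch { return ["TARGET is not an absolute URL"]; }
  const problems = [];
  if (t.protocol !== "https:") problems.push("TARGET is not https");
  if (!allowedHosts.includes(t.hostname)) problems.push("TARGET host not approved");
  return problems;
}

// Build a link, percent-encoding PID and TARGET so a TARGET with its own
// query string is not cut off at the first "&".
function buildTransferLink(idpBase, protocol, spProviderId, target, allowedHosts) {
  const segment = SEGMENTS[protocol];
  if (!segment) throw new Error(`unknown protocol: ${protocol}`);
  const problems = checkTarget(target, allowedHosts);
  if (problems.length) throw new Error(problems.join("; "));
  const link = new URL(`/nidp/${segment}/idpsend`, idpBase);
  link.searchParams.set("PID", spProviderId);
  link.searchParams.set("TARGET", target);
  return link.href;
}

// Audit an existing link; returns a list of problems (empty means it passed).
function auditTransferLink(href, allowedHosts) {
  let url;
  try { url = new URL(href); } catch { return ["link is not an absolute URL"]; }
  const problems = [];
  if (url.protocol !== "https:") problems.push("identity provider URL is not https");
  const m = url.pathname.match(/^\/nidp\/(saml|saml2|idff)\/idpsend$/);
  if (!m) problems.push("path is not /nidp/<protocol>/idpsend");
  const pid = url.searchParams.get("PID");
  // Assumption: the provider ID is the SP's metadata URL, as in the samples.
  if (!pid) problems.push("missing PID");
  else if (m && !pid.includes(`/nidp/${m[1]}/`)) problems.push("PID protocol differs from link protocol");
  const target = url.searchParams.get("TARGET");
  if (!target) problems.push("missing TARGET");
  else problems.push(...checkTarget(target, allowedHosts));
  return problems;
}
```

When a generated link is written into an `href` attribute, the `&` between `PID` and `TARGET` should be emitted as `&amp;`.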

When defining the intersite transfer URL within Administration Console, you can define an ID and target for the SAML service provider (SP) you are accessing. For more information about accessing an Identity Server intersite transfer URL with a specific contract, see TID 7005810.