2.8.3 Managing Trusted Providers

The procedure for establishing trust between providers begins with obtaining metadata for the trusted provider. If you are using the NetIQ Identity Server, protocol-specific metadata is available via a URL.

  1. Click Devices > Identity Servers > Servers > Edit > [Protocol].

    For the protocol, select Liberty, SAML 1.1 or SAML 2.0.

  2. Select one of the following actions:

    New: Launches the Create Trusted Identity Provider Wizard or the Create Trusted Service Provider Wizard, depending on your selection. See one of the following for more information.

    Delete: Allows you to delete the selected identity or service provider.

    Enable: Enables the selected identity or service provider.

    Disable: Disables the selected identity or service provider. When a provider is disabled, the server does not load the definition. The definition is not deleted, and at a future time, the provider can be enabled.

IMPORTANT: The logout behavior of the SAML 1.1 protocol is different from that of SAML 2.0 and Liberty. SAML 2.0 and Liberty 1.2 define a logout mechanism whereby the service provider sends a logout command to the trusted identity provider when a user logs out at a service provider. SAML 1.1 does not provide such a mechanism. Therefore, when a logout occurs at the SAML 1.1 service provider, no logout occurs at the trusted identity provider. A valid session is still running at the identity provider, and no credentials need to be entered. To log out at both providers, the user must navigate to the identity provider that authenticated the user to the SAML 1.1 service provider and log out manually.
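The following Python is an added illustration of the logout difference described above; it is not NetIQ code and does not model the product's own logout handling. It builds the samlp:LogoutRequest a SAML 2.0 service provider sends to the identity provider, has a toy identity provider terminate the matching session only when the issuer is a trusted provider, and shows that under SAML 1.1 (no logout message) the identity-provider session survives. Provider URLs, the message ID and the session values are constructed sample data.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample identifiers; not real provider addresses.
SP_ENTITY_ID = "https://sp.example/metadata"
IDP_SLO_URL = "https://idp.example/slo"


def build_logout_request(issuer, name_id, session_index, destination):
    """Service-provider side: the SAML 2.0 LogoutRequest sent on user logout."""
    req = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": "_constructed-request-id",  # constructed; real IDs are random
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAML}}}NameID").text = name_id
    ET.SubElement(req, f"{{{SAMLP}}}SessionIndex").text = session_index
    return ET.tostring(req)


def idp_handle_logout_request(sessions, xml_bytes, trusted_sps):
    """Identity-provider side: drop the session named in the request.

    Returns True if a session was terminated. A real IdP also verifies the
    XML signature on the request; that step is omitted from this model."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}LogoutRequest" or root.get("Version") != "2.0":
        return False
    # Only a trusted (configured) service provider may log users out.
    if root.findtext(f"{{{SAML}}}Issuer") not in trusted_sps:
        return False
    key = (root.findtext(f"{{{SAML}}}NameID"), root.findtext(f"{{{SAMLP}}}SessionIndex"))
    return sessions.pop(key, None) is not None


def idp_session_survives_sp_logout(protocol, idp_sessions, name_id, session_index):
    """Log the user out at the SP; report whether the IdP session is still alive."""
    if protocol == "SAML2":
        msg = build_logout_request(SP_ENTITY_ID, name_id, session_index, IDP_SLO_URL)
        idp_handle_logout_request(idp_sessions, msg, {SP_ENTITY_ID})
    # SAML 1.1: there is no logout message, so nothing reaches the IdP.
    return (name_id, session_index) in idp_sessions
```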