- Contents
SSO Identity Providers Technical Reference
Assertion Consumer Service URL
One required piece of information that you must provide to the identity provider is the Assertion Consumer Service (ACS) URL address, which the identity provider will use to verify that the SAML messages from that service provider can be serviced. Otherwise, the identity provider will ignore it as a DDoS attack. The ACS URL is a combination of the Secure Token Server subsystem address, its port number for handling SAML messages, the SAML binding, and any necessary information that is specific for CIC or ICWS.
ACS URL address use the following syntax:
https://SecureTokenServer:Port/AuthenticationType
The following table describes each portion of the ACS URL for your service provider:
|
Item |
Service Provider |
Description |
|
SecureTokenServer |
CIC |
The address of the CIC server that hosts the Secure Token Server subsystem through which CIC will issue security tokens |
|
ICWS |
The address of the ICWS server, which will function as the Single Sign-On service provider Important! Examples:
icws.example.com
connect.example.com/api/icws.example.com Note: If you have multiple ICWS servers, you should provide an ACS URL for each one, if allowed by the identity provider. |
|
|
Port |
CIC |
The network port through which the Secure Token Server subsystem of the CIC server will listen for SAML messages The default value is 8043. |
|
ICWS |
The network port through which Interaction Center Web Services (ICWS) will listen for SAML messages The default value is 8019. Note: If you are using an HTTP proxy in your network, you do not need to specify a port number for the ACS URL address. |
|
|
AuthenticationType |
CIC |
The SAML protocol and binding for validating the credentials of the principal Examples:
|
|
ICWS |
/icws/connection/single-sign-on/return |