Forums, Documentation & Knowledge Base - ComponentSpace

SP-Initiated Single Sign-On


https://componentspace.com/forums/Topic22.aspx

By ComponentSpace - 2/20/2014

In SP-initiated SSO, the user starts at theSP site and, instead of logging in at the SP site, SSO is initiated with theIdP.
The following diagram outlines the SP-initiated SSO flow.

https://www.componentspace.com/forums/uploads/images/82e3ffe4-9907-44d3-b397-5d56.png

  1. The user browses to the SP site.
  2. The user attempts to access a protected page requiring the user to be authenticated.
  3. The SP sends an authentication request to the IdP’s SSO service endpoint.
  4. If the user is not already authenticated at the IdP, the user must present their credentials and login.
  5. The IdP sends a SAML response containing a SAML assertion to the SP.
  6. The SP uses the information contained in the SAML assertion, including the user’s name and any associated attributes, and performs an automatic login.