SAML 2.0
The content on this page is based on the SAML 2.0 core standard established by OASIS.
Service Provider (SP)
Identity Provider (IdP)
SAML assertions contain:
timestamp
issuer
subject
conditions
Authentication statements
Attribute statements
Authorization decision statements
Assertions can be signed and/or encrypted
Sign-in flows
SP-initiated sign-in: Triggered when the user tries to access a specific SAML-protected resource directly and the SP redirects the user to the IdP. The context of which specific resource the user requests access to is included.
IdP-initiated sign-in: Triggered when the user visits the IdP and is then redirected to the SP. Since no context is included on which specific resource is being requested, the user will be redirected to a generic landing page on the SP.
Warning: The IdP-initiated sign-in is susceptible to Man-in-the-Middle attacks as the the