Authentication to IdP

IdP authenticates principals using SAML, a security standard developed by the OASIS Security Services Technical Committee. For details on SAML, refer to the SAML Specification. IdP implements the HTTP POST binding model of the Web Browser SSO Profile (see section 4.1.2, "SP initiated: POST->POST binding", of the Technical Overview).

Remarks

Steps 3 and 4 of the principal authentication schema described in the Technical Overview ("Challenge for credential" and "User login", respectively) are performed via the Front Channel interface. For details, refer to the Authentication-related Operations section.

All SAML messages from SPs are sent to the URL IDP_API_BASE_URL/relay.

All SAML messages from IdP (sent in response to an SP's message) are sent to the URL defined in the Destination parameter of the SAML request message.
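The following added example (not code from the IdP product or its documentation) sketches the two routing rules above for the HTTP POST binding: the SP base64-encodes its request into a form posted to IDP_API_BASE_URL/relay, and the receiving side reads Destination to decide where the response goes. The host names, the fixed ID and timestamp, and the per-issuer table of registered response URLs are assumptions made for illustration; checking Destination against such a table is a safeguard added here, not behaviour this page describes.

```python
import base64
import html
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample values (assumptions, not taken from the IdP documentation).
IDP_API_BASE_URL = "https://idp.example.test/api"
REGISTERED = {"https://sp.example.test": {"https://sp.example.test/saml/acs"}}

def build_request(issuer, destination):
    """SP side: minimal AuthnRequest XML with a fixed, constructed ID and timestamp."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_constructed-id-1", "Version": "2.0",
        "IssueInstant": "2024-01-01T00:00:00Z", "Destination": destination})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    return ET.tostring(req, encoding="utf-8")

def post_form(xml_bytes, relay_state):
    """SP side: the HTML form a browser submits to IDP_API_BASE_URL/relay.
    The POST binding base64-encodes the XML as is (no DEFLATE step)."""
    field = base64.b64encode(xml_bytes).decode("ascii")
    return (f'<form method="post" action="{html.escape(IDP_API_BASE_URL)}/relay">'
            f'<input type="hidden" name="SAMLRequest" value="{field}"/>'
            f'<input type="hidden" name="RelayState" value="{html.escape(relay_state)}"/>'
            '</form>'), field

def response_url(saml_request_field, registered=REGISTERED):
    """Receiving side: decode the form field and return Destination only if it is
    registered for the Issuer. Signature verification is not shown here."""
    raw = base64.b64decode(saml_request_field, validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not accepted in SAML messages")
    root = ET.fromstring(raw)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    destination = root.get("Destination", "")
    if destination not in registered.get(issuer, set()):
        raise ValueError("Destination is not registered for this issuer")
    return destination

if __name__ == "__main__":
    form, field = post_form(
        build_request("https://sp.example.test", "https://sp.example.test/saml/acs"), "state-1")
    print(form)
    print(response_url(field))
```

Because the response URL is taken from the request itself, an unregistered Destination is rejected rather than used as the delivery address.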