IdP authenticates principals with a security system based on SAML, which was developed by the OASIS Security Services Technical Committee. For details on SAML, refer to the SAML Specification. IdP implements the HTTP POST binding model of the Web Browser SSO Profile (see section 4.1.2, "SP initiated: POST->POST binding", of the Technical Overview).
Steps 3 and 4 of the principal authentication schema ("Challenge for credential" and "User login", respectively) described in the Technical Overview are performed via the Front Channel interface. For details, refer to the Authentication-related Operations section.
All SAML messages from SPs are sent to URL
All SAML messages from IdP (in response to SP's messages) are sent to the URL defined in the Destination parameter of a request SAML message.
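
Because the reply URL is taken from the request itself, it is worth checking it against what is registered for the requesting SP. The following Python example is added here and is not part of the product documentation or the IdP's own code: it decodes a POST-binding `SAMLRequest` form field and accepts the `Destination` value as the reply URL only when it is registered for the issuing SP. The registry, function names and sample request are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical registry: SP entity ID -> URLs the IdP may post responses to.
REGISTERED_REPLY_URLS = {
    "https://sp.example.com/metadata": {"https://sp.example.com/saml/acs"},
}

def parse_post_binding(saml_request_field):
    """Decode a SAMLRequest form field (POST binding: plain base64, no DEFLATE)."""
    raw = base64.b64decode(saml_request_field, validate=True)
    # Refuse DTDs before parsing so entity-expansion tricks never reach the parser.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(raw)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not an AuthnRequest")
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    return {"id": root.get("ID"), "issuer": issuer,
            "destination": root.get("Destination")}

def reply_url_for(saml_request_field):
    """Return the URL to post the response to, or raise if it is not registered."""
    req = parse_post_binding(saml_request_field)
    allowed = REGISTERED_REPLY_URLS.get(req["issuer"])
    if allowed is None:
        raise PermissionError("unknown issuer: %r" % req["issuer"])
    # Exact string match only: no prefix, wildcard or host-only comparison.
    if req["destination"] not in allowed:
        raise PermissionError("Destination not registered for this issuer")
    return req["destination"]

def encode_sample(issuer, destination):
    """Build a constructed AuthnRequest and encode it as the form field would be."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
           'ID="_constructed1" Version="2.0" '
           'IssueInstant="2024-01-01T00:00:00Z" Destination="%s">'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
           % (SAMLP, SAML, destination, issuer))
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    ok = encode_sample("https://sp.example.com/metadata",
                       "https://sp.example.com/saml/acs")
    print(reply_url_for(ok))
```

The check covers only the reply URL; it does not verify any signature on the request.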