---
title: SSO—Browser-POST
description: In this scenario, a user logged on to the identity provider (IdP) attempts to access a resource on a remote service provider (SP) server. HTTP POST transports the SAML assertion to the SP.
component: pingfederate
version: 13.1
page_id: pingfederate:introduction_to_pingfederate:pf_sso_browser_post
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_sso_browser_post.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  processing-steps: Processing steps
---

# SSO—Browser-POST

In this scenario, a user logged on to the identity provider (IdP) attempts to access a resource on a remote service provider (SP) server. HTTP POST transports the SAML assertion to the SP.

![Diagram illustrating the SSO browser-POST process between the browser interface, the IdP, and the SP.](_images/fue1564003086490.jpg)SSO—Browser-POST profile

## Processing steps

1. A user logs on to the IdP.

   If a user is not logged on for some reason, the IdP challenges them to do so at step 2.

2. The user clicks a link or otherwise requests access to a protected SP resource.

3. Optionally, the IdP retrieves attributes from the user data source.

. . The IdP's SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to the SP.

\+

|   |                                                              |
| - | ------------------------------------------------------------ |
|   | SAML specifications require digitally-signed POST responses. |

. . (Not shown) If the IdP returns a valid SAML assertion to the SP, a session is established on the SP and the browser is redirected to the target resource.