IdP-initiated SSO—POST - PingFederate

Page created: 12 Sep 2019 |

Page updated: 18 Mar 2020

| 1 min read

PingFederate 10.0 Product Administration User task Single Sign-on (SSO) Capability SAML Standards, specifications, and protocols Product documentation Content Type Software Deployment Method Administrator Audience

In this scenario, a user is logged on to the IdP and attempts to access a resource on a remote SP server. The SAML assertion is transported to the SP via HTTP POST.

Processing steps:

A user has logged on to the IdP.
(If a user has not yet logged on for some reason, he or she is challenged to do so at step 2).
The user clicks a link or otherwise requests access to a protected SP resource.
Optionally, the IdP retrieves attributes from the user datastore.
The IdP's SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to the SP.

Note:
SAML specifications require that POST responses be digitally signed.
(Not shown) If the signature and the assertion (or the JSON Web Token) are valid, the SP establishes a session for the user and redirects the browser to the target resource.

IdP-initiated SSO—POST - PingFederate - 10.0

PingFederate Server