IdP-initiated SSO—Artifact - PingFederate

Page created: 12 Sep 2019 |

Page updated: 18 Mar 2020

| 1 min read

PingFederate 10.0 Product Administration User task Single Sign-on (SSO) Capability SAML Standards, specifications, and protocols Product documentation Content Type Software Deployment Method Administrator Audience

In this scenario, the IdP sends a SAML artifact to the SP via an HTTP redirect. The SP uses the artifact to obtain the associated SAML response from the IdP.

Processing steps:

A user has logged on to the IdP.
(If a user has not yet logged on for some reason, he or she is challenged to do so at step 2).
The user clicks a link or otherwise requests access to a protected SP resource.
Optionally, the IdP retrieves attributes from the user datastore.
The IdP federation server generates an assertion, creates an artifact, and sends an HTTP redirect containing the artifact through the browser to the SP's Assertion Consumer Service (ACS).
The ACS extracts the Source ID from the SAML artifact and sends an artifact-resolve message to the identity federation server's Artifact Resolution Service (ARS).
The ARS sends a SAML artifact response message containing the previously generated assertion.
(Not shown) If a valid assertion is received, the SP establishes a session and redirects the browser to the target resource.

IdP-initiated SSO—Artifact - PingFederate - 10.0

PingFederate Server