{"id":742,"date":"2019-10-02T12:01:04","date_gmt":"2019-10-02T16:01:04","guid":{"rendered":"http:\/\/salzlechner.com\/dev\/?p=742"},"modified":"2019-10-02T12:05:24","modified_gmt":"2019-10-02T16:05:24","slug":"saml-sso-service-provider-initated-webapp","status":"publish","type":"post","link":"http:\/\/salzlechner.com\/dev\/2019\/10\/02\/saml-sso-service-provider-initated-webapp\/","title":{"rendered":"SAML SSO &#8211; Service Provider initiated webapp"},"content":{"rendered":"\n\n[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.26.7&#8243;][et_pb_row _builder_version=&#8221;3.26.7&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.26.7&#8243;][et_pb_text _builder_version=&#8221;3.26.7&#8243;]<p>In this post we will be talking about SAML-based single sign-on, specifically single sign-on initiated by a webapp (the service provider).<\/p>\n<p>Single sign-on, or SSO for short, allows us to reuse identities across multiple service providers (applications).<\/p>\n<p>The applications do not need to know about the identity information, just the identity provider.<\/p>\n<p>There is a trust relationship between the service provider and the identity provider, and the authentication process then proceeds as follows.<span style=\"font-size: 14px;\">\u00a0<\/span><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/10\/SAML-SSO-1024x614.jpg\" width=\"1024\" height=\"614\" alt=\"\" class=\"wp-image-746 alignnone size-large\" style=\"font-size: 14px; background-color: #ffffff;\" srcset=\"http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/10\/SAML-SSO-1024x614.jpg 1024w, http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/10\/SAML-SSO-300x180.jpg 300w, http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/10\/SAML-SSO-768x460.jpg 768w, http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/10\/SAML-SSO-1080x647.jpg 1080w, 
http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/10\/SAML-SSO.jpg 1190w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h2>Trust Relationship<\/h2>\n<p>\u00a0<span style=\"font-size: 14px;\">As mentioned previously, a trust relationship between the identity provider and the service provider must exist. This is established by exchanging SAML metadata between the two providers.<\/span><\/p>\n<h2>Authentication Process<\/h2>\n<p>\u00a0<span style=\"font-size: 14px;\">First, the user attempts to access the webapp (a resource at the service provider).<\/span><\/p>\n<p>In step 2, the service provider creates a SAML request and redirects the user to the identity provider using that request.<\/p>\n<p>This SAML request contains information about the service provider and, in most cases, certificates and public keys.<\/p>\n<p>The identity provider will now handle the authentication process. Once the user is authenticated, the identity provider will create a SAML response containing information about the user's identity and send the user back to the service provider.<\/p>\n<p>The service provider receives the SAML response and validates it to make sure it is a valid response from a valid, trusted identity provider.<\/p>\n<p>Once the validation is complete, the service provider allows access to the resource.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;3.26.7&#8243;][et_pb_column _builder_version=&#8221;3.26.7&#8243; type=&#8221;4_4&#8243;][et_pb_text _builder_version=&#8221;3.26.7&#8243;]\n\t\t<div class='author-shortcodes'>\n\t\t\t<div class='author-inner'>\n\t\t\t\t<div class='author-image'>\n\t\t\t<img src='http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2016\/02\/mike5crop-566174_60x60.jpg' alt='' \/>\n\t\t\t<div class='author-overlay'><\/div>\n\t\t<\/div> \n\t\t<div class='author-info'>\n\t\t\tMichael Salzlechner is the CEO of 
StarZen Technologies, Inc.\n\nHe was part of the Windows Team at Data Access Worldwide that created the DataFlex for Windows Product before joining\u00a0StarZen Technologies. StarZen Technologies provides consulting services as well as custom application development and third-party products.\n\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n\n","protected":false},"excerpt":{"rendered":"<p>In this post we will be talking about SAML-based single sign-on, specifically about a webapp (service provider) initiated single sign-on. Single sign-on, or SSO for short, allows us to reuse identities for multiple service providers (applications). The applications do not need to know about the identity information, just the identity provider. There is a trust [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":757,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","ngg_post_thumbnail":0,"footnotes":""},"categories":[7,27,48],"tags":[],"class_list":["post-742","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-c","category-dataflex-webapp","category-saml"],"_links":{"self":[{"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/posts\/742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/comments?post=742"}],"version-history":[{"count":6,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/posts\/742\/revisions"}],"predecessor-version":[{"id":753,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/posts\/742\/revisions\/753"}
],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/media\/757"}],"wp:attachment":[{"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/media?parent=742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/categories?post=742"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/salzlechner.com\/dev\/wp-json\/wp\/v2\/tags?post=742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}