Identity Provider (Idp) and Introduction to IdP-Initiated SSO

Unknown | 22:53 | 0 comments

Identity Provider

A system that creates, maintains, and manages identity information.

An Identity Provider (IdP) is a system that creates, maintains, and manages identity information for principals (users, services, or systems) and provides principal authentication to other service providers (applications) within a federation or distributed network. It is a trusted third party that users and servers can rely on when they establish a dialog that must be authenticated. The IdP sends an attribute assertion containing trusted information about the user to the SP.

We are going to use Identity Provider Initiated SSO in a later article. This means the user will log in from outside (at the IdP) and will then be redirected to ServiceNow/Salesforce. The Identity Provider must follow the federated authentication (SAML) standard.

SAML stands for "Security Assertion Markup Language"; it is an open standard for exchanging authentication and authorization data between systems. SAML-based authentication is supported by both ServiceNow and Salesforce.

IdP Initiated Single Sign On:

In IdP-initiated SSO, the user logs in directly to the Identity Provider; the IdP then redirects the user to the appropriate ServiceNow/Salesforce instance (the Service Provider) with a SAML assertion in the request. If the SAML assertion is valid, Salesforce authenticates the user successfully.

Technical Flow: 

In this scenario, a user is logged on to the IdP and attempts to access a resource on a remote SP server. The SAML assertion is transported to the SP via HTTP POST.

Processing Steps:
  • A user has logged on to the IdP.
  • The user requests access to a protected SP resource. The user is not logged on to the SP site.
  • Optionally, the IdP retrieves attributes from the user data store.
  • The IdP's SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to the SP.
  • NOTE: The SAML specifications require that POST responses be digitally signed.
  • If the signature and assertion are valid, the SP establishes a session for the user and redirects the browser to the target resource.
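As an added example (not code from the original post or from ServiceNow/Salesforce), here is the Service Provider side of the last step in Python: decode the posted SAMLResponse form field and check signature presence, Destination, Status, Issuer, validity window and Audience before trusting the subject. The sample response, issuer and URLs are constructed, and the signature_ok callback is a hypothetical stand-in for an XML-DSig library check against the IdP certificate.

```python
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of what the IdP's SSO service puts in the hidden SAMLResponse form field.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
  Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_SAMLRESPONSE_FIELD = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def validate_saml_response(field, expected_issuer, acs_url, audience, now, signature_ok):
    """SP-side checks on a posted SAMLResponse. Returns (subject, None) on success or (None, reason).
    signature_ok(raw_xml) is a hypothetical callback standing in for an XML-DSig library check."""
    raw = base64.b64decode(field)
    root = ET.fromstring(raw)
    if root.find("ds:Signature", NS) is None or not signature_ok(raw):
        return None, "missing or invalid signature"
    if root.get("Destination") != acs_url:  # response must be addressed to this SP's ACS endpoint
        return None, "Destination does not match this ACS URL"
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        return None, "status not Success"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.findtext("saml:Issuer", None, NS) != expected_issuer:
        return None, "unexpected issuer"
    cond = assertion.find("saml:Conditions", NS)
    parse = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    window = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if None in window or not (parse(window[0]) <= now < parse(window[1])):  # explicit window required
        return None, "assertion outside validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:  # an assertion minted for another SP must not be accepted here
        return None, "audience mismatch"
    return assertion.findtext("saml:Subject/saml:NameID", None, NS), None
```

A production SP would also enforce replay protection on the assertion ID and accept fractional-second timestamps, which this example omits for brevity.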

In the next post we will discuss the SP (Service Provider) and SP-initiated Single Sign On. Stay tuned.


handsonbook.blogspot.com