What is SP-initiated and IdP-initiated?

IdP-initiated vs SP-initiated: what is unique about SP-initiated login is the SAML request. An IdP-initiated login starts with the user first navigating to the IdP (typically a login page or dashboard) and then going to the SP with a SAML assertion.

What is the difference between SP-initiated and IdP-initiated SSO?

The IdP creates an SSO Response with a SAML 2.0 Assertion containing user information as well as authentication data, and redirects the user’s browser to the SP with the message and the RelayState parameter. The SP validates the SAML 2.0 Assertion and creates an SSO session for the user.

What is SP-initiated login?

Service Provider (SP) initiated SSO involves the SP creating a SAML request, forwarding the user and the request to the Identity Provider (IdP), and then, once the user has authenticated, receiving a SAML response and assertion from the IdP. This flow is typically initiated by a login button within the SP.

What is a RelayState in SAML?

In Security Assertion Markup Language (SAML) 2.0, RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO. By using a deep link, your users will go directly to the specified console page without additional navigation.

What is SP initiated URL?

Service Provider Initiated (SP-initiated) SSO, referred to as Procore-initiated SSO, gives your end users the ability to sign into the Procore Login page, which then sends an authorization request to the Identity Provider (e.g., Okta, OneLogin, or Microsoft Azure AD).

What is SP connection?

You manage connection settings using the SP Connection wizard, which organizes the settings into a series of primary tasks. Some primary tasks have one or more levels of subtasks. Each primary task or subtask has its own screen, where you manage one or more settings.

What is SP identity?

A Service Provider (SP) is the entity providing the service, typically in the form of an application. An Identity Provider (IdP) is the entity providing the identities, including the ability to authenticate a user.

When does the IDP send the RelayState to the SP?

1. That is correct: the RelayState sent by the IdP to the SP is the one that the SP specified at the beginning of the flow, when redirecting the user from the SP to the IdP with the AuthnRequest and RelayState parameters.
2. This is defined by the SAML 2.0 specifications: the InResponseTo attribute is not set in the SAML Response

Where does the RelayState go in a SAML request?

A RelayState is an HTTP parameter that can be included as part of the SAML request and SAML response. In an SP-initiated sign-in flow, the SP can set the RelayState parameter in the SAML request with additional information about the request.

What is the meaning of the RelayState parameter?

The original meaning of RelayState is that the SP can send some value to the IdP together with the AuthnRequest and then get it back. The SP can put whatever value it wants in the RelayState, and the IdP should simply echo it back unchanged in the response.
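Because the IdP only echoes RelayState back, the SP is the party that has to check it. The following added example (not code from any of the products or answers quoted above) shows SP-side handling of the two cases described on this page: in the SP-initiated flow the SP ties an opaque RelayState to the AuthnRequest ID it generated and verifies both InResponseTo and the echoed value at its Assertion Consumer Service; in the IdP-initiated flow there is no InResponseTo, so the RelayState deep link is treated as untrusted and checked against an allowlist before any redirect. The host allowlist and target paths are constructed for illustration, and validation of the assertion's signature, audience and timestamps is assumed to have already passed.

```python
import secrets
from urllib.parse import urlparse

# Constructed allowlist: hosts the SP is willing to redirect to after sign-in.
ALLOWED_HOSTS = {"app.example.com"}


def safe_destination(relay_state, default="/"):
    """Return relay_state only if it is a same-site path or an allowlisted https URL.

    Used for IdP-initiated sign-in, where the SP never chose the RelayState itself,
    so a URL in it is an attacker-influenceable open-redirect target until checked.
    """
    if not relay_state:
        return default
    u = urlparse(relay_state)
    # Local path: no scheme, no authority, and not a protocol-relative "//host" form.
    if u.scheme == "" and u.netloc == "" and relay_state.startswith("/") \
            and not relay_state.startswith("//"):
        return relay_state
    if u.scheme == "https" and u.hostname in ALLOWED_HOSTS:
        return relay_state
    return default


class RelayStateStore:
    """SP-side bookkeeping: outstanding AuthnRequest ID -> (RelayState token, target)."""

    def __init__(self):
        self._pending = {}

    def start_sp_initiated(self, target_url):
        """Called when the user clicks the SP's login button; returns (request_id, relay_state)."""
        request_id = "_" + secrets.token_hex(16)      # SAML IDs must not start with a digit
        relay_state = secrets.token_urlsafe(16)       # opaque token, never the raw URL
        self._pending[request_id] = (relay_state, target_url)
        return request_id, relay_state

    def finish(self, in_response_to, relay_state):
        """Called at the ACS after the assertion itself has been validated; returns the redirect target."""
        if in_response_to is None:
            # IdP-initiated: no AuthnRequest exists, so RelayState is an untrusted deep link.
            return safe_destination(relay_state)
        stored = self._pending.pop(in_response_to, None)   # pop: each request ID is usable once
        if stored is None:
            raise ValueError("InResponseTo does not match any outstanding AuthnRequest")
        expected, target = stored
        if not secrets.compare_digest(expected, relay_state or ""):
            raise ValueError("RelayState was not echoed back unchanged")
        return target
```

The server-side lookup is what makes the echoed value safe to act on; an SP that instead redirects to whatever URL comes back in RelayState has no way to tell its own value from one supplied by someone else.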

What happens when you push the relay state?

In this example, they are pushing their dynamic RelayState in the URL. As we can see here, the Fiddler trace picks up the test RelayState that we put in. As we drop down further along the trace, we can see the RelayState has been wiped blank.