Table of Contents |
---|
IDP Initiated SSO using SAML2
An unsolicited SSO can be done by sending a valid SAML response message to the address:
...
Code Block |
---|
https://sso.example.com/uas/saml2/SessionRelayService?entityID=https://sso.example.com/uas/saml2/names/ac/saml.companyx.1&RelayState=/uas/saml2/SessionRelayService?entityID=urn:uuid:6c524df0-4625-32a8-87ef-705b3523e4b2%26RelayState=/app/protected |
WS-Federation Passive Requester Profile
The WS-Federation Passive Requester Profile is used for initiating a login request. A request is formed at the PassiveRequestorService endpoint:
...
Because the WS-Federation request is not signed and is thus easily spoofed by any party, the integrated application should check and compare each value of the response to ensure it met the requested parameters.
OAuth2 Applications
For OAuth2 applications, use the Authorization Request URL to initiate the process and acr_values to select the desired authentication method.
Code Block |
---|
https://sso.example.com/uas/oauth2/authorization?response_type=code&scope=openid&client_id=2001221477 &redirect_uri=https://client.example.com/response&state=40e1bfc0-4587-4859-be08-a58e3fffa37a&max_age=0&prompt=login&display=popup&ui_locales=en&acr_values=2&login_hint=user@example.com |
Info |
---|
Related articles
Filter by label (Content by label) | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...