IDP Initiated SSO using SAML2


An unsolicited SSO can be done by sending a valid SAML response message to the address:

...

https://sso.example.com/uas/saml2/SessionRelayService?entityID=https://sso.example.com/uas/saml2/names/ac/saml.companyx.1&RelayState=/uas/saml2/SessionRelayService?entityID=urn:uuid:6c524df0-4625-32a8-87ef-705b3523e4b2%26RelayState=/app/protected

WS-Federation Passive Requester Profile

The WS-Federation Passive Requester Profile is used for initiating a login request. A request is formed at the PassiveRequestorService endpoint:

...


Because the WS-Federation request is not signed and is thus easily spoofed by any party, the integrated application should check and compare each value of the response to ensure that it matches the requested parameters.

OAuth2 Applications

For OAuth2 applications, use the Authorization Request URL to initiate the process and acr_values to select the desired authentication method.

https://sso.example.com/uas/oauth2/authorization?response_type=code&scope=openid&client_id=2001221477&redirect_uri=https://client.example.com/response&state=40e1bfc0-4587-4859-be08-a58e3fffa37a&max_age=0&prompt=login&display=popup&ui_locales=en&acr_values=2&login_hint=user@example.com
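The following is an added example, not code from the original page or from the product: a client-side sketch that builds the Authorization Request URL shown above with a fresh state value, then checks that the callback and the ID token claims match what was requested. The function names are hypothetical, and it assumes the ID token signature, iss, aud and exp have already been verified and that the server returns the requested acr_values entry in the acr claim.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHZ_ENDPOINT = "https://sso.example.com/uas/oauth2/authorization"  # from the page


def build_authorization_url(client_id, redirect_uri, acr_value, max_age=0, login_hint=None):
    """Return (url, state); the caller stores state in the user's session."""
    state = secrets.token_urlsafe(24)  # unguessable, one per request
    params = {
        "response_type": "code", "scope": "openid", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state, "max_age": str(max_age),
        "prompt": "login", "acr_values": acr_value,
    }
    if login_hint:
        params["login_hint"] = login_hint
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state  # urlencode escapes values


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, or raise if state is missing or different."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    code = query.get("code")
    if not code:
        raise ValueError("no authorization code in callback")
    return code[0]


def check_id_token_claims(claims, requested_acr, max_age, now=None, skew=60):
    """claims: ID token payload, already signature-verified (assumption)."""
    now = time.time() if now is None else now
    if claims.get("acr") != requested_acr:  # assumes acr echoes acr_values
        raise ValueError("acr does not match requested acr_values")
    auth_time = claims.get("auth_time")
    if auth_time is None:  # OpenID Connect requires auth_time when max_age is sent
        raise ValueError("auth_time missing although max_age was requested")
    if now - auth_time > max_age + skew:
        raise ValueError("authentication older than max_age")
    return True
```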



...