¶ SAML Flow
This section introduces the data flow between the SP, the IdP and the browser.
¶ Roles in SAML Protocol
- Browser: Handles the communication between the SP and the IdP
- SP: Service Provider
- IdP: Identity Provider
¶ SAML Flow
- The user sends an access request to the SP.
- The SP generates a SAML request and sends it to the IdP via a browser redirect.
- The IdP receives the SAML request and asks the user to log in.
- The user logs in.
- The IdP sends a SAML response, including the SAML assertion, to the SP.
- The SP validates the SAML response.
- The user is granted access.
¶ SAML Bindings Between SP and IdP
There are three bindings in SAML: HTTP Redirect Binding, HTTP POST Binding and HTTP Artifact Binding. Each binding is used in different stages during communication.
¶ HTTP Redirect Binding
The SP sends the SAML request via the HTTP Redirect Binding. The SAML message is carried directly in the URL query string of an HTTP GET request.
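The following added example (not part of the original page) shows how a SAML request travels in the query string under the HTTP Redirect Binding, and how the receiving side or someone reviewing proxy logs recovers it. The encoding order (raw DEFLATE, then base64, then URL-encoding) is taken from the SAML 2.0 bindings specification rather than from this page; the function names, URLs, request ID and the 64 KiB size cap are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAX_INFLATED = 64 * 1024  # cap on decompressed size (assumed limit)

# Constructed sample request; every URL and the ID are placeholders.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed123" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://idp.example.test/sso" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs">'
    '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

def encode_redirect(idp_sso_url, request_xml, relay_state=None):
    """SP side: raw DEFLATE, then base64, then URL-encode into the query."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: no zlib header
    deflated = deflater.compress(request_xml.encode("utf-8")) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return idp_sso_url + "?" + urlencode(params)

def decode_redirect(url):
    """Receiver or log reviewer: recover the request fields from the URL."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(raw, MAX_INFLATED)
    if not inflater.eof:  # truncated stream, or output larger than the cap
        raise ValueError("SAMLRequest is truncated or exceeds the size cap")
    # Use a hardened XML parser for untrusted input in production.
    root = ET.fromstring(xml_bytes)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("unexpected root element: " + root.tag)
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": root.findtext(SAML + "Issuer"),
        "relay_state": query.get("RelayState", [None])[0],
    }
```

Because the request is only compressed and encoded, not encrypted, anything that records the URL (browser history, proxy and web server logs) holds the full message.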
¶ HTTP POST Binding
The SP sends the SAML Request to the IdP as a POST request through an immediately submitted form. The IdP sends the SAML Response to the SP as a POST request through an immediately submitted form.
¶ HTTP Artifact Binding
The SP and the IdP transmit only artifacts through the browser. An artifact can then be used to request the SAML body via a back channel. This avoids exposing the SAML Request and SAML Response in the front end.