For the sake of example, let’s say the SP is Google Apps and the IDP is an organisation called My University, where Alice is a student.
The flow of SAML protocol messages can be illustrated in a diagram as follows:

Now, when Alice wants to read her mail using a web browser, she typically navigates to a webpage like https://mail.google.com/a/ (step 1 in the diagram above).
The SAML2 gateway is integrated with Signicat's existing portal, which means that Signicat can provide authentication over the SAML2 protocol for all e-ID methods we are supporting today, and also new e-ID methods that we plan to support in the future.
The service provider must establish a SAML2 federation service on their side.
In essence, this message says “this is a message from nl.
I have successfully authenticated a user called ‘alice’.” One essential piece of information that was deleted from the message above for brevity is an XML digital signature, which is used as proof that the message was indeed sent by nl and that the message was not tampered with along the way.
What basically happens is that IDP and SP exchange SAML protocol messages through the user’s browser.
After successful authentication, Alice’s browser is sent back to Google at the so-called Assertion Consumer Service URL (step 6).
There is a lot more to tell about SAML, but as far as Web Single Sign-on is concerned, this is basically it.
You may wonder where exactly SURFconext should be positioned in all this.