SAML

Flow

• Firstly, the user enters the work domain in the service provider

• Then, the service provider redirects the SAML request to the identity provider

• After user login on the identity provider, the SAML response / Sample assertion will be generated returned to client which contains the user information and scope of access

• The browser forward to SAML response to the service provider, so that the user is authenticated and able to access protected resource

• When user wants to access another service provider

• The service provider forward SAML request to the identity provider based the work domain

• Since user is already authenticated, the identity provider will return the SAML response back to client and then forward to service provider

• Here is the logout flow

References

Azure 單一登入 SAML 通訊協定 - Microsoft Entradocsmsft