File:Authentication Sequence with SAML.png
Created via http://sequencediagram.org/, licensed under the terms of the MPLv2 license. Copyright (c) kang@insecure.ws
Source:
title Authentication Sequence with SAML
participant "User's Browser (User-Agent)" as UserAgent
participant "Website (Relying Party/Service Provider)" as RP
participant "SAML Provider (SAML "IdP"/OP)" as OP
participant "LDAP, GitHub, etc. (True IdP)" as IdP
note over UserAgent: User visits https://rp.example.net to perform login
UserAgent->RP: GET https://rp.example.net/
RP->RP: GET https://rp.example.net/login?ReturnTo=https://rp.example.net&IsPassive=false&IdP=urn:op.example.net
RP->OP: Request SAML assertion parameters
OP->RP: XML <parameters>
UserAgent->OP: GET https://op.example.net/samlp/client_identifier
OP->OP: Perform SAML=>OIDC parameter translation internally (This is Mozilla-specific)
OP->IdP: authenticate user (via SAML, OIDC or other means)
IdP->OP: return user attributes
OP->OP: Perform OIDC=>SAML parameter translation internally (This is Mozilla-specific)
OP->UserAgent: 302 Redirect to https://rp.example.net/callback?[...] (redirect_uri/recipient URL)
UserAgent->RP: GET https://rp.example.net/callback?[...]
note left of RP:POST /callback parameters: SAMLResponse in base64 XML:\n<saml:Issuer>op.example.net</saml:Issuer>\n<SignatureValue>1Fgpt7AaHcME2...</SignatureValue>\n<saml:SubjectConfirmationData NotOnOrAfter="2016..</>\n<saml:Attribute Name=...</>\n[...]
RP->RP: Verify assertion response signature is valid, signed by OP
RP->UserAgter: 302 Redirect https://rp.example.net/
note over UserAgent: User is authenticated to https://rp.example.net
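The diagram's last RP step ("Verify assertion response signature is valid, signed by OP") is only the first of the checks a relying party has to make on the SAMLResponse before trusting the attributes in it. The following Python is an added example written for this page; it is not code from the diagram's author or from Mozilla. It assumes the hostnames shown in the diagram (op.example.net as the expected Issuer, https://rp.example.net/callback as the Recipient/Destination) and a constructed, unsigned sample response. XML-DSig verification against the OP's known certificate is done by an XML-signature library (python3-saml or signxml, for instance) before this function runs; the function takes that result as its `signature_verified` argument and refuses everything when it is false. The attribute names, request id and clock-skew window are assumptions for the example.

```python
"""Relying-party-side checks on a base64 SAMLResponse (added example, not the page's code)."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET  # production code should parse attacker-supplied XML via defusedxml

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Values the RP knows in advance; hostnames taken from the diagram, skew window assumed.
EXPECTED_ISSUER = "op.example.net"
CALLBACK_URL = "https://rp.example.net/callback"
CLOCK_SKEW = dt.timedelta(minutes=3)


def parse_saml_time(value):
    """SAML timestamps are UTC xs:dateTime values such as 2016-12-22T00:46:00Z."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return dt.datetime.fromisoformat(value)


def validate_saml_response(saml_response_b64, signature_verified, now, expected_request_id=None):
    """Return (accepted, reason, attributes).

    signature_verified is the outcome of XML-DSig verification with the OP's
    known key, performed by an XML-signature library before this is called.
    Nothing in the response may be trusted unless that check passed.
    """
    if not signature_verified:
        return False, "signature not verified against OP key", {}

    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False, "not a samlp:Response", {}

    # Destination, when present, must be this RP's own callback URL.
    destination = root.get("Destination")
    if destination is not None and destination != CALLBACK_URL:
        return False, "Destination %r is not our callback" % destination, {}

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        return False, "non-success StatusCode", {}

    # Exactly one assertion: multiple assertions are a classic confusion vector.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion, got %d" % len(assertions), {}
    assertion = assertions[0]

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != EXPECTED_ISSUER:
        return False, "unexpected Issuer %r" % issuer, {}

    # Bearer confirmation: the assertion must be addressed to us, still valid,
    # and (if we started the flow) tied to the AuthnRequest we issued.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        return False, "missing SubjectConfirmationData", {}
    if scd.get("Recipient") != CALLBACK_URL:
        return False, "Recipient %r is not our callback" % scd.get("Recipient"), {}
    not_on_or_after = scd.get("NotOnOrAfter")
    if not_on_or_after is None or now >= parse_saml_time(not_on_or_after) + CLOCK_SKEW:
        return False, "assertion expired (NotOnOrAfter)", {}
    if expected_request_id is not None and scd.get("InResponseTo") != expected_request_id:
        return False, "InResponseTo does not match our AuthnRequest", {}

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        if not_before is not None and now < parse_saml_time(not_before) - CLOCK_SKEW:
            return False, "assertion not yet valid (NotBefore)", {}
        cond_end = conditions.get("NotOnOrAfter")
        if cond_end is not None and now >= parse_saml_time(cond_end) + CLOCK_SKEW:
            return False, "assertion expired (Conditions)", {}

    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return True, "ok", attributes


# Constructed sample response; the SignatureValue is a placeholder, not a real signature.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_resp1" Version="2.0" IssueInstant="2016-12-22T00:46:00Z"
  Destination="https://rp.example.net/callback" InResponseTo="_req1">
  <saml:Issuer>op.example.net</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2016-12-22T00:46:00Z">
    <saml:Issuer>op.example.net</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER-SIGNATURE</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID>user@example.net</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2016-12-22T00:51:00Z"
          Recipient="https://rp.example.net/callback" InResponseTo="_req1"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2016-12-22T00:45:00Z" NotOnOrAfter="2016-12-22T00:51:00Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.net</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()
```

The order matters: the signature result gates everything, and the Recipient/Destination comparison is what stops an assertion issued for some other service provider from being replayed against this RP's callback URL.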
File history
| Date/Time | Thumbnail | Dimensions | User | Comment
---|---|---|---|---|---
current | 00:46, 22 December 2016 | | 2,067 × 933 (99 KB) | Gdestuynder (talk \| contribs) | Created via http://sequencediagram.org/, licensed under the terms of the MPLv2 license. Copyright (c) kang@insecure.ws Source: title Authentication Sequence with SAML participant "User's Browser (User-Agent)" as UserAgent participant "Website (Relyi...