{"id":6533,"date":"2018-09-06T09:45:37","date_gmt":"2018-09-06T14:45:37","guid":{"rendered":"http:\/\/appcrawler.com\/wordpress\/?p=6533"},"modified":"2021-04-02T17:26:34","modified_gmt":"2021-04-02T22:26:34","slug":"saml-response-between-idp-and-sp","status":"publish","type":"post","link":"http:\/\/appcrawler.com\/wordpress\/2018\/09\/06\/saml-response-between-idp-and-sp\/","title":{"rendered":"SAML response between IDP and SP"},"content":{"rendered":"<p>The SAMLResponse is sent from the IDP back to the browser, which posts it via a form to the service provider. The response is encrypted with the public key of the service provider.<\/p>\n<p>Usually, the SP creates a SAML request, and also creates a form whose action submits the authnRequest value to the IDP. The trick is that the IDP and the SP agree that if the request is signed with a key that is acceptable, the SP can be sure the IDP has actually verified who the person says they are.<\/p>\n<p>For example, the SP creates the request below&#8230;<\/p>\n<form id=\"samlPost\" action=\"https:\/\/myidp.com\/adfs\/ls\/?\" method=\"POST\"><input name=\"SAMLRequest\" type=\"hidden\" value=\"PHNhbWxwOkF1dGhuU&lt;snip&gt;G5SZXF1ZXN0Pg==\" \/><\/form>\n<pre><\/pre>\n<p>&#8230;and the browser submits it to the IDP&#8230;<\/p>\n<form action=\"https:\/\/mysp.com\/sso\/saml\/finalize\" method=\"POST\" name=\"hiddenform\"><input name=\"SAMLResponse\" type=\"hidden\" value=\"PHNhbWxwOlJlc&lt;snip&gt;lc3BvbnNlPg==\" \/><\/form>\n<pre><\/pre>\n<p>&#8230;which redirects the browser back to the SP with the signed response&#8230;<\/p>\n<form id=\"authenticationPost\" action=\"https:\/\/login.mysp.com\/login\" method=\"POST\"><input name=\"code\" type=\"hidden\" value=\"Q9ZaCo&lt;snip&gt;MPrPWGw==\" \/> <input name=\"return_to\" type=\"hidden\" value=\"https:\/\/serviceprovider.com\/accounts\/123456\/applications\" \/><\/form>\n<pre><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>The SAMLResponse is sent from the IDP back to the browser, which posts it via a form to the service provider. The response is encrypted with the public key of the service provider. Usually, the SP creates a SAML request, and also creates a form whose action&hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"http:\/\/appcrawler.com\/wordpress\/2018\/09\/06\/saml-response-between-idp-and-sp\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[66],"tags":[],"_links":{"self":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/6533"}],"collection":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/comments?post=6533"}],"version-history":[{"count":8,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/6533\/revisions"}],"predecessor-version":[{"id":6942,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/6533\/revisions\/6942"}],"wp:attachment":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/media?parent=6533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/categories?post=6533"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/tags?post=6533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}