Virtual Federation at Service Provider (Sun OpenSSO Enterprise 8.0 Technical Overview)

Sun OpenSSO Enterprise 8.0 Technical Overview

Previous: Virtual Federation at Identity Provider
Next: Global Single Logout

Virtual Federation at Service Provider

When a user is already authenticated by the instance of OpenSSO Enterprise at the identity provider and invokes an identity provider application that calls for redirection to a service provider, the identity provider invokes one of the previous use cases and encodes a SAML v2 SSO URL as a part of the request. The identity provider instance of OpenSSO Enterprise then initiates SAML v2 SSO with the instance of OpenSSO Enterprise at the service provider. The service provider's instance of OpenSSO Enterprise then verifies the SAML v2 assertion and included attributes, and redirects to the service provider application, securely transferring the user attributes via a secure HTTP POST message. The service provider application consumes the attributes, establishes a session, and offers the service to the user.

Previous: Virtual Federation at Identity Provider
Next: Global Single Logout