1.6.1 SSO/SAML

Single Sign-On (SSO) with Security Assertion Markup Language (SAML) is an authentication type that OFS Compliance Studio supports. SAML is an open standard for exchanging authentication and authorization data between the user and the Compliance Studio Application, such as login, authentication state, identifiers, and other relevant attributes.

Figure 1-4 SAML Authentication Process



The entities are:
  • End-User
  • OFS Compliance Studio Application
  • SAML
The SAML authentication process is as follows:
  1. A user sends a request to access the OFS Compliance Studio Application.
  2. The application redirects the request to the IDP for authentication with a SAML request.
  3. The application sends the request to IDP for the SSO login page.
  4. IDP validates the SAML request for the login page.
  5. IDP sends the response to the user with the SSO login page.
  6. The user enters the credentials on the SSO login page.
  7. IDP validates the credentials and generates the SAML response.
  8. IDP sends the SAML response as follows:
    • For valid credentials, it sends the response to the application for validating the SAML response.
    • For invalid credentials, it displays an authentication error.
  9. For valid credentials, it posts the SAML response to the Assertion Consumer URL.
  10. The application verifies the user signature in the SAML response.
  11. The application displays the OFS Compliance Studio home page to the user.
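
Steps 9 and 10 from the application's side, as an added example (not Oracle's or the product's code): the checks a receiving application runs on the POSTed SAMLResponse alongside cryptographic signature verification, which is left to an XML-DSig library and not performed here. It goes beyond the signature step to Destination, InResponseTo and validity-window checks; the Assertion Consumer URL, request ID, clock and sample response are constructed values.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Constructed sample values: hypothetical ACS URL, request ID, clock and SAML response.
ACS, REQ_ID, NOW = "https://studio.example.com/saml/acs", "_req42", datetime(2024, 1, 1, 10, 2, tzinfo=timezone.utc)
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" InResponseTo="_req42" Destination="https://studio.example.com/saml/acs">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
<saml:Subject><saml:NameID>analyst1</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z"/></saml:Assertion></samlp:Response>"""

def parse_ts(value):  # assumption: whole-second UTC timestamps only
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def covers(owner):  # the Signature's Reference must point at the element that carries it
    ref = owner.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return ref is not None and owner.get("ID") is not None and ref.get("URI") == "#" + owner.get("ID")

def check_response(b64, acs_url, request_id, now):
    """Return (name_id, problems); name_id is None unless every check passes."""
    raw = base64.b64decode(b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:  # refuse DTDs before parsing
        return None, ["DTD present"]
    root, problems = ET.fromstring(raw), []
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not the Assertion Consumer URL")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the request sent")
    top = root.findall("a:Assertion", NS)
    if len(top) != 1 or len(root.findall(".//a:Assertion", NS)) != 1:
        return None, problems + ["expected exactly one top-level Assertion"]
    if not (covers(root) or covers(top[0])):
        problems.append("no Signature referencing the Response or Assertion ID")
    try:
        cond = top[0].find("a:Conditions", NS)
        if not parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")):
            problems.append("outside the NotBefore/NotOnOrAfter window")
    except (AttributeError, TypeError, ValueError):
        problems.append("missing or malformed Conditions")
    return (None if problems else top[0].findtext("a:Subject/a:NameID", None, NS)), problems

print(check_response(base64.b64encode(SAMPLE.encode()), ACS, REQ_ID, NOW))
```

The identity taken from NameID should be used only after the library has verified the signature over the same Assertion element that these checks inspected.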