SP-Initiated SSO
Service Provider initiated Single Sign-On using the SAML 2.0 Web Browser SSO Profile (saml-profiles §4.1). The SP detects an unauthenticated user, generates an AuthnRequest, and redirects the user to the IdP for authentication. After successful authentication, the IdP returns a signed SAML Response containing an Assertion with the user's identity. This is the most common SAML SSO flow in enterprise environments.
SP-Initiated SSO
Service Provider initiated Single Sign-On using the SAML 2.0 Web Browser SSO Profile (saml-profiles §4.1). The SP detects an unauthenticated user, generates an AuthnRequest, and redirects the user to the IdP for authentication. After successful authentication, the IdP returns a signed SAML Response containing an Assertion with the user's identity. This is the most common SAML SSO flow in enterprise environments.
Sequence Diagram
Click any step for details
Step-by-Step Breakdown
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.