Single Sign-on Example
By sharing security assertions, a principal can log in at one site (the site acting as the Identity Provider), and then access resources at another site (the Service Provider) without explicitly supplying credentials at the second site. For example:
- The user is a homebuyer who authenticates at a realtor's web site.
  Any authentication scheme can be used to authenticate the user.
- While viewing real estate listings, the user notices a link to a bank with an attractive mortgage rate.
- The user clicks the link.
- At the realtor's site, an entity acting as the Identity Provider packages the user's information in a SAML assertion, then transports the assertion to the bank's site using the SAML 2.0 POST binding.
- At the bank's site, an entity acting as the Service Provider uses the SAML 2.0 Authentication scheme associated with the Identity Provider to validate the user for the resources on the bank's site.
  This validation is transparent to the user.
- If the user is successfully validated, the user is allowed on the bank's site to view the rate information.
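
The Service Provider step above, shown as an added Python example (not code from this guide or the product): it decodes the `SAMLResponse` field delivered by the POST binding and checks destination, status, issuer, audience and expiry. The entity IDs, ACS URL and sample response are constructed assumptions, and XML signature verification, which must precede these checks, is assumed to be done by a SAML library.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Constructed values for the realtor (IdP) and the bank (SP); all are assumptions.
IDP_ID = "https://idp.realtor.example"
SP_ID = "https://sp.bank.example"
ACS_URL = "https://sp.bank.example/saml2/acs"

def sample_post_field(issuer=IDP_ID, audience=SP_ID, expires="2030-01-01T00:05:00Z"):
    """IdP side: constructed, unsigned Response, base64-encoded as in the POST form."""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" ID="_r1" '
           f'Version="2.0" Destination="{ACS_URL}"><a:Issuer>{issuer}</a:Issuer>'
           f'<p:Status><p:StatusCode Value="{SUCCESS}"/></p:Status>'
           f'<a:Assertion ID="_a1" Version="2.0"><a:Issuer>{issuer}</a:Issuer>'
           f'<a:Subject><a:NameID>homebuyer</a:NameID></a:Subject>'
           f'<a:Conditions NotOnOrAfter="{expires}"><a:AudienceRestriction>'
           f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction>'
           f'</a:Conditions></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

def check_response(b64, now):
    """SP side: return the NameID, or raise ValueError when a check fails.
    Assumes the XML signature was already verified against the IdP certificate."""
    root = ET.fromstring(base64.b64decode(b64, validate=True))
    if root.tag != f'{{{NS["p"]}}}Response' or root.get("Destination") != ACS_URL:
        raise ValueError("not a Response addressed to this endpoint")
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    found = root.findall(".//a:Assertion", NS)
    if len(found) != 1:  # reject extra or nested assertions outright
        raise ValueError("expected exactly one assertion")
    a = found[0]
    if a.findtext("a:Issuer", default="", namespaces=NS).strip() != IDP_ID:
        raise ValueError("assertion not issued by the associated IdP")
    auds = a.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS)
    if SP_ID not in [e.text.strip() for e in auds if e.text]:
        raise ValueError("assertion not intended for this SP")
    stamp = a.find("a:Conditions", NS).get("NotOnOrAfter", "")
    expires = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    if now >= expires.replace(tzinfo=timezone.utc):
        raise ValueError("assertion expired")
    name_id = a.findtext("a:Subject/a:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion carries no NameID")
    return name_id
```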