|
|
|
In a single sign-on use case, the Service Provider sends a request for an assertion to an Identity Provider. The AuthnRequest contains an attribute that specifies an affiliation identifier.
When the Identity provider receives the request, it verifies that the Service Provider is a member of the affiliation identified in the AuthnRequest, and it generates the assertion with the Name ID shared by the affiliation. It returns this assertion to the Service Provider. Upon receiving the assertion, authentication takes place at the Service Provider.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |