SAML Overview
Some key SAML 2.0 concepts are presented in the following table.
| SAML 2.0 Concept | Definition |
| --- | --- |
| Trust Relationship | Before an identity provider and a service provider can exchange SAML messages, an administrator must configure each of them to trust the other. |
| Web Browser Single Sign-on | SAML 2.0's Web Browser SSO Profile is its principal sign-in mechanism. For a detailed protocol description, see Wikipedia. There are two variants of the Web Browser single sign-on flow. SP-Initiated Sign In: If a user arrives at Flexera One without being logged in, we must forward the user's browser to a suitable identity provider to obtain a SAML assertion. To determine where to send the user, we prompt the user for a discovery hint, a DNS-like name chosen at setup time to uniquely identify your identity provider in our database. Best Practice: We recommend using unique values as a discovery hint for your identity provider. Identity provider-Initiated Sign In: You can sign in to the identity provider and visit an application portal that provides a menu of SSO-accessible applications, including Flexera One. When you click the Flexera One menu item, the browser is directed to Flexera One with a SAML assertion. |
| Relay State | The relay state is a SAML parameter that conveys where users will be directed after they perform single sign-on. When performing identity provider-initiated sign in, the identity provider can add a default relay state to send the user to a specific place. |
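
An added example, not part of the original page and not Flexera One's code: one way a service provider can handle the relay state in both sign-in variants described above, so that it only ever redirects to its own paths. The `RelayStateStore` class, the `safe_path` function and the `/` default landing path are assumptions made for illustration.

```python
import secrets

MAX_RELAY_STATE_BYTES = 80  # limit from the SAML 2.0 bindings specification
DEFAULT_LANDING = "/"       # assumed landing path, not a value from the page


def safe_path(value, default=DEFAULT_LANDING):
    """Accept only a relative path on this service provider, else the default."""
    if not value or len(value.encode("utf-8")) > MAX_RELAY_STATE_BYTES:
        return default
    # Must be "/something"; browsers treat "//host" and "/\host" as other sites.
    if not value.startswith("/") or value.startswith("//") or "\\" in value:
        return default
    # Control characters (CR, LF, tab, ...) have no place in a redirect target.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return default
    return value


class RelayStateStore:
    """Hypothetical service-provider helper covering both sign-in variants."""

    def __init__(self):
        self._pending = {}  # opaque token -> path the user originally asked for

    def issue(self, requested_path):
        """SP-initiated: mint an opaque relay state before redirecting to the IdP."""
        token = secrets.token_urlsafe(16)  # 22 characters, never starts with "/"
        self._pending[token] = safe_path(requested_path)
        return token

    def redeem(self, relay_state):
        """Map the relay state that came back with the assertion to a redirect path."""
        if relay_state in self._pending:
            return self._pending.pop(relay_state)  # single use
        # IdP-initiated: the value is the IdP's default relay state, so validate it.
        return safe_path(relay_state)
```

The relay state travels through the browser, so the value that returns with the assertion is treated as untrusted input in both variants.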