In IdP-initiated SSO, the user starts at the IdP site, logs in and clicks a link to the SP site, which initiates SSO.
The following diagram outlines the IdP-initiated SSO flow.
The user browses to the IdP site.
If the user is not already authenticated at the IdP, the user must present their credentials and log in.
The user clicks a link to the SP site.
The IdP sends a SAML response containing a SAML assertion to the SP.
The SP uses the information contained in the SAML assertion, including the user’s name and any associated attributes, and performs an automatic login.
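The last two steps as seen from the SP, in an added example that is not code from this page or from any SAML product: the SP receives a response it never asked for, so before reading the user's name and attributes it checks who the response was addressed to, who issued it, its audience and expiry, and whether it has been seen before. These checks go beyond the steps listed above. The function name, URLs and entity IDs are hypothetical, the sample XML is constructed, and XML signature verification is assumed to have been done already by the SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of an unsolicited (IdP-initiated) response: no InResponseTo.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" Destination="https://sp.example.com/acs">
 <saml:Assertion ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="role"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def login_from_unsolicited_response(xml_text, now, seen_ids,
                                    acs_url="https://sp.example.com/acs",
                                    sp_entity_id="https://sp.example.com",
                                    trusted_idp="https://idp.example.com"):
    """Return (name, attributes) or raise ValueError. Assumes the XML signature
    was already verified by the SAML library; that step is not shown here."""
    resp = ET.fromstring(xml_text)
    if resp.get("InResponseTo") is not None:
        raise ValueError("response claims to answer a request; not IdP-initiated")
    if resp.get("Destination") != acs_url:
        raise ValueError("response was addressed to a different endpoint")
    a = resp.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != trusted_idp:
        raise ValueError("assertion missing or issuer not trusted")
    cond = a.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no expiry")
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        raise ValueError("assertion expired")
    if sp_entity_id not in [e.text for e in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion issued for a different SP")
    # There is no request ID to correlate against, so remember assertion IDs.
    if a.get("ID") in seen_ids:
        raise ValueError("assertion replayed")
    seen_ids.add(a.get("ID"))
    name = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {x.get("Name"): [v.text for v in x.findall("saml:AttributeValue", NS)]
             for x in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return name, attrs
```

In production the `seen_ids` set would be a shared store whose entries expire at `NotOnOrAfter`, and untrusted XML would go through a hardened parser.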