SAML Terminology
Term | Definition |
---|---|
IDP | Identity provider, e.g. ADFS, Liferay, Schoolbox. The application that holds all user credentials and performs the login authentication. |
SP | Service provider (application), e.g. Community Portal, SynWeb |
SSO | Single sign on |
SLO | Single log out/off |
SP initiated Login | Login that originates from the user accessing the SP (e.g. Community Portal), which then redirects the user to the IDP to authenticate. |
IDP initiated Login | Login that is triggered when the user selects a link from the IDP (e.g. Schoolbox/Okta/OneLogin) to launch into the SP. |
SP initiated Logout | Logout that is triggered by the SP (e.g. Community Portal) where the user clicks the logout button. |
IDP initiated Logout | Logout that is triggered by either another SP or the IDP. The IDP sends a logout request to every SP with an active session for the user, telling each of them to log this user off. |
Signing Certificate | The certificate (public key) provided by the IDP. The SP uses it to verify the signature on the SAML responses and assertions it receives, so that only messages genuinely issued by the IDP are accepted. |
Claim Attribute Name | The name of the SAML attribute whose value carries the user identifier. In the sample below this is `NetworkLogin` (the attribute name is case sensitive). |
Claim Attribute Value | The value provided by the IDP, used to find the matching user details in the Synergetic database. In the sample below this is `ahui@synergetic.net.au`. The claim attribute value is then used to search for a matching user via a stored procedure, e.g. `exec spsGetUserLoginData @SelectByValue = 'ahui@synergetic.net.au'`. This could either be one of the following: |

Sample Claim Attribute

```xml
<saml2:AttributeStatement>
  <saml2:Attribute Name="NetworkLogin" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
      ahui@synergetic.net.au
    </saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
```
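The following is an added example, not code from the Synergetic documentation this glossary belongs to. It parses the sample AttributeStatement above, extracts the claim attribute value by its exact, case-sensitive name (the behaviour the table describes), and shows how the value is handed to the `spsGetUserLoginData` lookup as a bound parameter rather than spliced into the SQL text. The function names, the `?` placeholder style and the `xmlns:saml2` declaration added to make the sample well-formed on its own are assumptions of this example.

```python
"""Extract a SAML claim attribute value and prepare the user lookup.

Added example (not part of the Synergetic documentation). The XML is the
glossary's own sample AttributeStatement; function names are assumed.
"""
from typing import Optional, Tuple
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# The sample AttributeStatement from the table above. The saml2 namespace
# declaration is added here (assumption) so the fragment parses stand-alone.
SAMPLE_ATTRIBUTE_STATEMENT = f"""
<saml2:AttributeStatement xmlns:saml2="{SAML2_NS}">
  <saml2:Attribute Name="NetworkLogin"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:string">
      ahui@synergetic.net.au
    </saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""


def get_claim_attribute_value(statement_xml: str, attribute_name: str) -> Optional[str]:
    """Return the whitespace-stripped value of the named claim attribute.

    Matching is exact and case sensitive, so "networklogin" does not match
    "NetworkLogin". Returns None when the attribute is absent or empty.
    Call this only on an assertion whose signature has already been
    verified against the IDP signing certificate: an unverified attribute
    must never be used to look up a user.
    """
    root = ET.fromstring(statement_xml)
    for attr in root.iter(f"{{{SAML2_NS}}}Attribute"):
        if attr.get("Name") != attribute_name:
            continue
        value = attr.find(f"{{{SAML2_NS}}}AttributeValue")
        if value is None or value.text is None:
            return None
        text = value.text.strip()
        return text or None
    return None


def build_user_lookup(claim_value: str) -> Tuple[str, Tuple[str]]:
    """Build the stored-procedure call as a parameterised statement.

    Returns the SQL text with a qmark placeholder plus the parameter tuple,
    the shape a DB-API driver accepts, so the IDP-supplied value is bound
    as a parameter instead of being concatenated into the SQL string.
    """
    return ("exec spsGetUserLoginData @SelectByValue = ?", (claim_value,))


if __name__ == "__main__":
    login = get_claim_attribute_value(SAMPLE_ATTRIBUTE_STATEMENT, "NetworkLogin")
    print(login)  # ahui@synergetic.net.au
    # Wrong case: no match, exactly as the glossary's case-sensitivity note says.
    print(get_claim_attribute_value(SAMPLE_ATTRIBUTE_STATEMENT, "networklogin"))  # None
    print(build_user_lookup(login))
```

Running the script prints the extracted login, `None` for the wrong-case attribute name, and the parameterised lookup statement ready to pass to a database cursor.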