Simple SAML SSO Workflow
Whats is the detailed Basic SAML SSO workflow in ClearPass?
SAML transactions use Extensible Markup Language (XML) for standardized communications between the identity provider and service providers. SAML is the link between the authentication of a user’s identity and the authorization to use a service.
Service Provider (SP) - The web application where the user is trying to gain access
A service provider needs the authentication from the identity provider to grant authorization to the user.
An Identity Provider performs the authentication that the end-user is who they say they are and sends that data to the service provider along with the user’s access rights for the service.
An SP-initiated login starts with the user first navigating to the SP, getting redirected to the IdP with a SAML request, then redirected back to the SP with a SAML assertion.
An IdP-initiated login starts with the user first navigating to the IdP (typically a login page or dashboard) and then going to the SP with a SAML assertion.
ClearPass can act as both a SAML Service Provider (SP) and SAML Identity Provider (IdP). ClearPass can also be integrated with numerous 3rd-party SAML SPs and IdP's such as Shibboleth, simpleSAMLphp, and Google Apps.
When we integrate CPPM with 3rd-party SAML, then we have to configure CPPM as either SP or IDP based on the requirement.
In our workflow mentioned below, we have used both the SP and IDP as the ClearPass server.