You are here

You are here

SAML 2.0 Federated Authentication

Customers that have implemented a SAML 2.0 compliant Identity Provider can use it to participate in federated authentication SSO with SpringCM. 

When authenticating to SpringCM via IdP-Initiated SSO, users first navigate to a portal page on their local intranet that authenticates the user and then passes a SAML response to SpringCM to create their SpringCM security context.  When authenticating via SP-Initiated SSO, users first come to SpringCM directly requesting a secure resource via a URL.  SpringCM will then POST-Redirect them to their Identity Provider which prompts the user for authentication if they have not already authenticated.  The Identity provider then generates a SAML Response that is posted back to SpringCM.  If the response is valid their SpringCM security context is created and the user is redirected to the originally requested URL.

The diagram below depicts the flow for SP-Initiated SSO.  Note that IdP-Initiated SSO is a similar process, however steps 1-3 do not take place. The process starts with the user authenticating to the Identity Provider (Step 4), and then choosing to be redirected and logged into SpringCM (Steps 5-7).  In order to enable SAML SSO for a SpringCM account, follow the instructions in the following two sections, Configuring SpringCM for an Identity Provider and Configuring an Identity Provider for SpringCM.

saml2.0flow.png