Demystifying SAML : Lets write a Service Provider

🔥 Of course the other choice is that users register with your application and then your app maintains their credentials, separate from company login system. This is poor choice. Why? Its poor user experience since users need to register again on your app and its poor security since they need to maintain multiple set of credentials.

SP →IDP flow

Sequence Diagram explained

The Participants

The means by which Identity provider authenticates the user is not mandated by SAML The most common is userid/password based authentication but its entirely up to the provider

📓 Both the SAML AuthnRequest and Assertion are encoded XML documents

Lets see these in action

Working demo of SP based on

Try it yourself

📓 If you are using a different IDP than the default configured in the sample, then your URL would look differently but the concept remains same. It will be the SSO URL which IDP will provide to the SP.

SAML Assertion

Expand to view



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store