SAML SSO Integration

Workflow

How does SAML function?

The step-by-step illustration shows the transactions between the IDP (Identity Provider) and the SP (Service Provider):

  1. Credential Validation
  2. SAML Request to the IDP
  3. Authentication at IDP
  4. Response message to SkyDesk-SSO
  5. User session

Step 1 : Credential validation

  • When a user from the organization "example.com" tries to sign in to their portal using, say, the "Business URL" http://example.business.skydesk.jp/
  • The request is checked for valid credentials
  • If no valid credentials are set, the user is redirected to the central authentication server "https://accounts.skydesk.jp/samlauthrequest/example"

Step 2 : SAML Request to the IDP

  • The "Service Provider" (SkyDesk-SSO) constructs a request message and posts the SAMLRequest message to the IDP (example.com)
  • Below is a sample message that is sent as the SAMLRequest (before encoding)

  • The above message is sent using the HTTP POST binding
  • The message is Base64 encoded
  • So the final request is in the format below
  • Sample URL:

Step 3 : Authentication at IDP

  • The IDP (e.g. example.com) should authenticate the user based on the SAML request received from the Service Provider (SkyDesk SSO)

Step 4 : Response message to SkyDesk-SSO

  • After successful authentication, the IDP (e.g. example.com) should respond to the Service Provider (SkyDesk-SSO), at say https://accounts.skydesk.jp/samlresponse/example.business.mail.skydesk.jp, confirming the successful authentication and carrying the required information
  • Sample Message:
  • The above message should be Base64 encoded

Step 5 : User Session

  • Upon receiving the successful authentication response from the IDP (e.g. example.com), the Service Provider (SkyDesk SSO) verifies the message using the public key provided by the IDP
  • If it is valid, it creates a session for the user
  • The user can then access all the SkyDesk services under SSO
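The exchange in steps 2 to 5, as an added Python example that is not SkyDesk's or any vendor's code: it builds the SAMLRequest, Base64 encodes it for the HTTP POST binding, and applies the SP-side checks to a constructed, unsigned sample response (Destination, InResponseTo, status, issuer, expiry, audience). The IDP endpoint, the issuer value and all sample data are assumptions; verifying the XML signature with the IDP's public key is not implemented here and needs a SAML library.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumed identifiers, modelled on the URLs quoted in the steps above (not a real configuration).
SP_ENTITY_ID = "https://accounts.skydesk.jp/samlauthrequest/example"
ACS_URL = "https://accounts.skydesk.jp/samlresponse/example.business.mail.skydesk.jp"
IDP_SSO_URL, IDP_ENTITY_ID = "https://idp.example.com/sso", "example.com"  # hypothetical IDP endpoint and issuer
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS, TS = "urn:oasis:names:tc:SAML:2.0:status:Success", "%Y-%m-%dT%H:%M:%SZ"

def build_authn_request(request_id, issue_instant=None):
    """Step 2: the AuthnRequest XML the SP sends to the IDP (before Base64 encoding)."""
    issued = (issue_instant or datetime.now(timezone.utc)).strftime(TS)
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{request_id}" '
            f'Version="2.0" IssueInstant="{issued}" Destination="{IDP_SSO_URL}" '
            f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
            f'AssertionConsumerServiceURL="{ACS_URL}"><saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')

def encode_for_post_binding(xml_message):
    """HTTP POST binding: the XML travels Base64 encoded in the SAMLRequest / SAMLResponse form field."""
    return base64.b64encode(xml_message.encode("utf-8")).decode("ascii")

def build_sample_response(in_response_to, not_on_or_after, audience=SP_ENTITY_ID):
    """Constructed, unsigned stand-in for the IDP's step 4 message (test data, not real IDP output)."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0" '
            f'InResponseTo="{in_response_to}" Destination="{ACS_URL}">'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
            f'<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
            f'<saml:Conditions NotOnOrAfter="{not_on_or_after}"><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')

def check_response(response_b64, outstanding_request_id, now=None):
    """Step 5: SP-side checks on a decoded SAMLResponse (XML signature verification with the IDP key is separate)."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion in response"]
    cond = assertion.find("saml:Conditions", NS)
    checks = [
        (root.get("Destination") == ACS_URL, "Destination is not our ACS URL"),
        (root.get("InResponseTo") == outstanding_request_id, "InResponseTo matches no outstanding request"),
        ((code := root.find("samlp:Status/samlp:StatusCode", NS)) is not None and code.get("Value") == SUCCESS, "StatusCode is not Success"),
        (assertion.findtext("saml:Issuer", namespaces=NS) == IDP_ENTITY_ID, "Issuer is not the configured IDP"),
        (now < datetime.strptime(cond.get("NotOnOrAfter"), TS).replace(tzinfo=timezone.utc), "Assertion expired"),
        (cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) == SP_ENTITY_ID, "Audience is not this SP"),
    ]
    return [message for ok, message in checks if not ok]
```

A response that passes these checks still has to carry a valid signature over the assertion before the SP creates the session; only then has the message really come from the IDP.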
