Developer's Guide

Workflow

How does SAML function?

The step-by-step illustration below shows the transactions between the IDP (Identity Provider) and the SP (Service Provider):

  1. Credential Validation

  2. SAML Request to the IDP

  3. Authentication at IDP

  4. Response message to Zoho-SSO

  5. User session


 Step 1: Credential validation


When a user from the organization "zohocorp.com" tries to sign in to their portal using a business URL such as https://mail.zoho.com/ or http://www.zohocorp.com (a mapped custom domain), the credentials are checked for validity.

 Step 2: SAML Request to the IDP


"Service Provider" (Zoho-SSO) constructs a request message and posts the SAML Request message to the IDP (zohocorp.com).

  • The below is the sample message that is sent as SAML Request. (Before encoding)

  • The above message is sent using the HTTP Post Binding.

  • The message will be Base64 encoded.

  • So the final request will be in the below format.

Sample URL:

 Step 3: Authentication at IDP


  • The IDP (e.g. zohocorp.com) should authenticate the user based on the SAML Request received from the Service Provider (Zoho-SSO).

 Step 4: Response message to Zoho-SSO


  • After successful authentication, the IDP (e.g. zohocorp.com) should respond to the Service Provider (Zoho-SSO), for example at https://accounts.zoho.com/samlresponse/zohocorp.com, confirming the successful authentication and carrying the required information.

  • Sample message: the above message should be Base64 encoded.

 Step 5: User Session


  • Upon receiving the successful authentication response from the IDP (e.g. zohocorp.com), the Service Provider (Zoho-SSO) verifies the message using the public key provided by the IDP.

  • If it is valid, it creates a session for the user.

  • The user can then access all the Zoho services under SSO.
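The Step 5 checks, as an added example that is not Zoho's code: it decodes the Base64 Response from Step 4 and confirms that it is addressed to the ACS URL named above, answers the request the SP actually sent, reports success, carries exactly one Assertion from the expected IDP whose signature references that Assertion's own ID, and is inside its validity window for the expected audience, before handing back the NameID for session creation. The entity ids `IDP_ID` and `SP_ID`, the `signature_ok` callback (standing in for an XML-DSig library that checks the signature with the IDP's public key) and the sample Response are assumptions constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ACS_URL = "https://accounts.zoho.com/samlresponse/zohocorp.com"  # from the guide
IDP_ID = "zohocorp.com"              # IDP entity id (assumed)
SP_ID = "https://accounts.zoho.com"  # SP entity id / expected Audience (assumed)

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(b64_response, request_id, signature_ok, now):
    """Step 5 checks before a session is created; returns the NameID or raises.
    signature_ok(assertion) is assumed to wrap an XML-DSig library (IDP public key)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.get("Destination") != ACS_URL or root.get("InResponseTo") != request_id:
        raise ValueError("Response not addressed to our ACS URL / outstanding request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IDP did not report success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ID:
        raise ValueError("Assertion not issued by our IDP")
    # The signature must reference this assertion's own ID, and must verify.
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + a.get("ID", "") or not signature_ok(a):
        raise ValueError("Assertion signature missing, mismatched or invalid")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("Assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ID:
        raise ValueError("Assertion was not issued for this SP")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

# Constructed sample response (not from Zoho's documentation), Base64-encoded as in Step 4.
SAMPLE = base64.b64encode(f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"
 xmlns:ds="{NS["ds"]}" ID="_r1" Version="2.0" InResponseTo="_req1" Destination="{ACS_URL}">
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1"><saml:Issuer>{IDP_ID}</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID>user@zohocorp.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>{SP_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>'''.encode()).decode()
```

Every check raises rather than falling through, so a session is only created on the single path where all of them pass.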
