How does SAML function?
The step-by-step illustration shows the transactions between the IDP (Identity Provider) and the SP (Service Provider):
The user's request is first checked for valid credentials.
If no valid credentials are found, the user is redirected to the central authentication server "https://accounts.zoho.com/samlauthrequest/zohocorp.com".
"Service Provider" (Zoho-SSO) constructs a request message and posts the SAML Request message to the IDP (zohocorp.com).
Below is the sample message sent as the SAML Request (before encoding):
The above message is sent using the HTTP POST binding.
The message is Base64 encoded.
So the final request takes the form shown below:
- IDP (eg. : zohocorp.com) should authenticate the user based on the SAML request received from the Service Provider (Zoho SSO).
After successful authentication, the IDP (eg. zohocorp.com) should respond to the Service Provider (Zoho-SSO), for example at https://accounts.zoho.com/samlresponse/zohocorp.com, confirming the successful authentication and carrying the required information.
Sample message: The above message should be Base64 encoded.
Upon receiving the successful authentication response from the IDP (eg. zohocorp.com), the Service Provider (Zoho SSO) verifies the message using the public key provided by the IDP.
If it is valid, it will create a session for the user.
Then, the user can access all the Zoho services under SSO.
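The exchange above, as an added example that is not part of this page or Zoho's own code: the SP builds an AuthnRequest and Base64-encodes it for the HTTP POST binding, the IDP answers with a Response, and the SP runs the checks it must pass before creating a session. The IDP SSO endpoint and the entity IDs are constructed for the demo (only the ACS URL follows the one quoted above). XML signature verification against the IDP's public key is delegated to a caller-supplied `verify_signature` function, because the Python standard library has no XML-DSig support; in production that function would wrap an XML-DSig library such as xmlsec, and the parser would be defusedxml rather than the stdlib one.

```python
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed identifiers for the demo; only the ACS URL follows the page's text.
SP_ENTITY_ID = "https://accounts.zoho.com"
ACS_URL = "https://accounts.zoho.com/samlresponse/zohocorp.com"
IDP_ENTITY_ID = "zohocorp.com"
IDP_SSO_URL = "https://idp.example.invalid/sso"  # placeholder, not on the page


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_authn_request(now=None):
    """SP side: build the AuthnRequest posted to the IDP. Returns (ID, xml bytes)."""
    now = now or datetime.now(timezone.utc)
    request_id = "_" + uuid.uuid4().hex  # xsd:ID values may not start with a digit
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": _ts(now),
        "Destination": IDP_SSO_URL, "ProtocolBinding": POST_BINDING,
        "AssertionConsumerServiceURL": ACS_URL})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    return request_id, ET.tostring(root, encoding="utf-8")


def encode_post_binding(xml_bytes):
    """HTTP POST binding: the XML goes Base64-encoded into a SAMLRequest /
    SAMLResponse form field (no DEFLATE step; that belongs to the Redirect binding)."""
    return base64.b64encode(xml_bytes).decode("ascii")


def build_sample_response(in_response_to, name_id, now=None):
    """Constructed stand-in for the IDP's successful Response (unsigned in this demo)."""
    now = now or datetime.now(timezone.utc)
    root = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _ts(now),
        "Destination": ACS_URL, "InResponseTo": in_response_to})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    status = ET.SubElement(root, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": SUCCESS})
    a = ET.SubElement(root, f"{{{SAML}}}Assertion", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _ts(now)})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = name_id
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", {
        "NotBefore": _ts(now - timedelta(minutes=1)),
        "NotOnOrAfter": _ts(now + timedelta(minutes=5))})
    ar = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(ar, f"{{{SAML}}}Audience").text = SP_ENTITY_ID
    return ET.tostring(root, encoding="utf-8")


class SamlValidationError(Exception):
    pass


def validate_response(b64_response, expected_request_id, verify_signature, now=None):
    """SP side: the checks to pass before a session is created. Returns the NameID.
    verify_signature(xml_bytes) -> bool stands in for XML-DSig verification with the
    IDP's public key; it runs first, so nothing below trusts unsigned data."""
    now = now or datetime.now(timezone.utc)
    xml = base64.b64decode(b64_response, validate=True)
    if not verify_signature(xml):
        raise SamlValidationError("signature did not verify with the IDP public key")
    root = ET.fromstring(xml)  # production: defusedxml, not the stdlib parser
    if root.tag != f"{{{SAMLP}}}Response":
        raise SamlValidationError("not a samlp:Response")
    # Tie the response to the request this SP issued (rejects replays and unsolicited responses)
    if root.get("InResponseTo") != expected_request_id:
        raise SamlValidationError("InResponseTo does not match an outstanding request")
    if root.get("Destination") != ACS_URL:
        raise SamlValidationError("Destination is not this SP's ACS URL")
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("IDP did not report success")
    assertions = root.findall(f"{{{SAML}}}Assertion")
    if len(assertions) != 1:  # exactly one; never take "the first" of several
        raise SamlValidationError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext(f"{{{SAML}}}Issuer") != IDP_ENTITY_ID:
        raise SamlValidationError("Assertion issued by an unexpected IDP")
    cond = a.find(f"{{{SAML}}}Conditions")
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        raise SamlValidationError("Assertion has no validity window")
    if not _parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter")):
        raise SamlValidationError("Assertion is outside its validity window")
    if cond.findtext(f"{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience") != SP_ENTITY_ID:
        raise SamlValidationError("Assertion audience is not this SP")
    name_id = a.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if not name_id:
        raise SamlValidationError("no NameID in Subject")
    return name_id
```

The order of checks is the point: signature first, then InResponseTo and Destination, then status, then exactly one Assertion whose Issuer, validity window and Audience all match. An SP that skips any of these can be made to accept a response that was never meant for it, even when the signature itself is valid.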