Steps to Set up SSO for your custom application

Using Security Assertion Markup Language (SAML), let your customers log in to the Zoho Subscriptions Portal with your application’s credentials.

For easier understanding, let us assume

Login URL as www.zylker.com/saml/login

Logout URL as www.zylker.com/saml/logout

ACS URL as www.accounts.zohoportal.com/accounts/csamlresponse/10807

/*
  * @method GET
  * @queryParams `SAMLRequest`, `RelayState`
*/

GET:  www.zylker.com/saml/login?SAMLRequest={SAMLRequest}&RelayState={RelayState}


------------------------------SAMPLE SAMLRequest (BASE64)--------------------------------------
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
------------------------------------------------------------------------------------------------


---------------------------------RelayState (BASE64)----------------------------------------
yygpKSi20tcvLk0qTi7KLCjJzM8r1qvKz8jXS87P1S/ILypJzNGvhtDxeYm5qbX6mXkpqRXx8Z6OvvHxUUCVwch6AQ==
--------------------------------------------------------------------------------------------
/*
   * @method POST
   * @FormData `SAMLResponse` and `RelayState`
*/

POST: https://accounts.zohoportal.com/accounts/csamlresponse/10807

------------------------------SAMPLE SAMLResponse (BASE64)-------------------------------------
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
------------------------------------------------------------------------------------------------

SAMLRequest (Decoded)
<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample AuthnRequest addressed to the Login URL (Destination) with Issuer zoho.com. The comments in this listing are annotations for the reader. -->
<!-- ID is the request identifier. The sample response repeats it in InResponseTo, which is how a response is tied to the request that caused it. -->
<!-- ProtocolBinding asks for the response to be delivered with the HTTP-POST binding to AssertionConsumerServiceURL; {portal_id} is a placeholder for the portal's own id. -->
<!-- This sample request carries no ds:Signature, so its fields are unauthenticated. An identity provider should compare AssertionConsumerServiceURL with the ACS URL it has registered for this service provider instead of posting to whatever URL the request names. -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c635b3bdaa8f4b529368b6dabe01d5d91539326" Version="2.0" IssueInstant="2018-10-12T06:43:10.776Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="Zoho" IsPassive="false" Destination="https://zylker.com/saml/login" AssertionConsumerServiceURL="https://accounts.zohoportal.com/accounts/csamlresponse/{portal_id}">
   <saml:Issuer>zoho.com</saml:Issuer>
   <!-- Requests an e-mail address as the subject identifier; the sample response answers with a NameID in the same format. -->
   <saml:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
</samlp:AuthnRequest>
SAMLResponse (Decoded)
<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample Response posted to the ACS URL by the identity provider. The comments in this listing are annotations for the reader. -->
<!-- InResponseTo repeats the ID of the sample AuthnRequest, and Destination names the ACS URL. A receiver should reject a response whose InResponseTo does not match a request it issued or whose Destination is not its own ACS URL. -->
<!-- NOTE(review): the introduction of this page writes the ACS host with a "www." prefix, while the POST target and this sample do not. Destination and Recipient are compared as exact strings, so confirm the value configured for the portal. -->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Rcbf1a5a645c2eb8ce5e4bb95f0f884fa3990c3bc" Version="2.0" IssueInstant="2018-10-12T06:43:14Z" Destination="https://accounts.zohoportal.com/accounts/csamlresponse/10807" InResponseTo="_c635b3bdaa8f4b529368b6dabe01d5d91539326">
   <saml:Issuer>https://zylker.com/saml/issuer/metadata</saml:Issuer>
   <!-- The status element sits outside the signed assertion in this sample, so it is not covered by the signature. -->
   <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </samlp:Status>
   <!-- The only signature in this sample is inside the Assertion and its Reference URI points at this Assertion ID. The Response envelope itself is unsigned, so identity data should be read only from the element the verified signature actually references. -->
   <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx758baa0c-801f-8a92-5f8e-f1f025e1d3a8" IssueInstant="2018-10-12T06:43:14Z">
      <saml:Issuer>https://zylker.com/saml/issuer/metadata</saml:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <!-- NOTE(review): rsa-sha1 here and sha1 in DigestMethod below are SHA-1 based, which is deprecated for signatures. Prefer the SHA-256 variants if the receiving side accepts them; this page does not say which algorithms are supported, so confirm first. -->
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <!-- The fragment after "#" must equal the ID of the enclosing Assertion. -->
            <ds:Reference URI="#pfx758baa0c-801f-8a92-5f8e-f1f025e1d3a8">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>XVVI7MRSNdf+NdZBzTIwSIAoOQ0=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>I2dn9bOOvtcDssmFaG7tvhVKNk8ILehfxSuxpr8ZIpcgBawuFLK8hH1SJJVcA9cSGx83bzA+wU8zHjrJxxgFJz6WBvxSbNcZb0v8NNkxT6yjOdS5Dw1zC0g8QMarHDFMvtaraxlCcIdYfZtM4m3kbRRvZ60BdbIa+OnVS27NQ6cxO9x1g/memJD4owL3cX4Sk6nmShShfqz6Dby9LGdhoTNqTg7PpneJDzZg92HnIMFXP+ThyzGAIp6X0WEjplNYQ7ZkizNOIBLxbTKZ6doom+fNju3PpS/NqoMXpUfMt4EVlFs4Cw3O252lH1bfake2D41s7QWUyRzLSEuObfqY8Q==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <!-- Placeholder for the signing certificate. A verifier should check the signature against the certificate registered for this identity provider in its own configuration, not against whatever certificate arrives inside the message. -->
               <ds:X509Certificate>{enter your certificate content}</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml:Subject>
         <!-- The authenticated user, as an e-mail address. -->
         <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">patricia@zylker.com</saml:NameID>
         <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <!-- Bearer confirmation: Recipient names the ACS URL, InResponseTo repeats the request ID, and NotOnOrAfter is three minutes after the IssueInstant in this sample. A short window limits how long a captured assertion can be replayed. -->
            <saml:SubjectConfirmationData NotOnOrAfter="2018-10-12T06:46:14Z" Recipient="https://accounts.zohoportal.com/accounts/csamlresponse/10807" InResponseTo="_c635b3bdaa8f4b529368b6dabe01d5d91539326" />
         </saml:SubjectConfirmation>
      </saml:Subject>
      <!-- Validity window of the assertion: in this sample it opens three minutes before and closes three minutes after the IssueInstant. -->
      <saml:Conditions NotBefore="2018-10-12T06:40:14Z" NotOnOrAfter="2018-10-12T06:46:14Z">
         <saml:AudienceRestriction>
            <!-- {audience} is a placeholder. The restriction ties the assertion to one service provider so that it cannot be presented to a different one. -->
            <saml:Audience>{audience}</saml:Audience>
         </saml:AudienceRestriction>
      </saml:Conditions>
      <!-- SessionNotOnOrAfter is 24 hours after the IssueInstant in this sample. -->
      <saml:AuthnStatement AuthnInstant="2018-10-12T06:43:13Z" SessionNotOnOrAfter="2018-10-13T06:43:14Z" SessionIndex="_0483df60-b018-0136-6487-65e96fd825c7">
         <saml:AuthnContext>
            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
         </saml:AuthnContext>
      </saml:AuthnStatement>
      <!-- Only User.FirstName and User.email carry values in this sample; the other attributes are present but empty. NOTE(review): which attributes the portal requires is not stated on this page; confirm before relying on any of them. -->
      <saml:AttributeStatement>
         <saml:Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string" />
         </saml:Attribute>
         <saml:Attribute Name="User.Username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string" />
         </saml:Attribute>
         <saml:Attribute Name="User.FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">patricia.boyale</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="office" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string" />
         </saml:Attribute>
         <saml:Attribute Name="PersonImmutableID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string" />
         </saml:Attribute>
         <saml:Attribute Name="User.email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">patricia@zylker.com</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="User.LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string" />
         </saml:Attribute>
         <saml:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string" />
         </saml:Attribute>
      </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>