Skip to content
ProtocolSoup

SAML 2.0

SAML 2.0

Section titled “SAML 2.0”

Standards

Section titled “Standards”
  • SAML 2.0 Core
  • SAML 2.0 Bindings
  • SAML 2.0 Profiles
  • SAML 2.0 Metadata

Available Flows

Section titled “Available Flows”
Flow IDNameDescription
sp_initiated_ssoSP-Initiated SSOService Provider starts the login flow
idp_initiated_ssoIdP-Initiated SSOIdentity Provider starts the login flow
single_logoutSingle LogoutCoordinated logout across participants
metadataMetadata ExchangeSP/IdP metadata discovery and sharing

Demo Scenarios

Section titled “Demo Scenarios”
  • SP-Initiated SSO Demo — Complete SP redirect flow
  • IdP-Initiated SSO Demo — IdP pushes assertion to SP
  • Single Logout Demo — Logout propagation
  • Assertion Deep Dive — Assertion parsing and validation
  • Metadata Exploration — SP/IdP metadata inspection

Endpoints

Section titled “Endpoints”
PathMethodsPurpose
/saml/metadataGETSP/IdP metadata
/saml/ssoGET, POSTSSO service (IdP side)
/saml/acsGET, POSTAssertion Consumer Service (SP side)
/saml/sloGET, POSTSingle Logout
/saml/loginGET, POSTSP-initiated login
/saml/idp-initiatedGETIdP-initiated SSO
/saml/demo/usersGETDemo users
/saml/demo/sessionsGETActive demo sessions

Looking Glass Endpoints

Section titled “Looking Glass Endpoints”
PathMethodsPurpose
/saml/looking-glass/authn-requestGETCreate AuthnRequest for inspection
/saml/looking-glass/authenticatePOSTAuthenticate with Looking Glass tracking
/saml/looking-glass/logout-requestGETCreate LogoutRequest for inspection
/saml/looking-glass/logoutPOSTProcess logout with Looking Glass tracking

What To Validate

Section titled “What To Validate”
  • AuthnRequest: ID, IssueInstant, Destination, AssertionConsumerServiceURL
  • Assertion: Issuer, Subject, Conditions, AuthnStatement, AttributeStatement
  • Signature: XML signature on assertion or response
  • Replay: InResponseTo matching, NotOnOrAfter constraints
  • SLO: LogoutRequest and LogoutResponse sequencing