IdP and SP initiated SSO for a Microsite

IdP initiated SSO

The IdP creates a session and logs in to Cornerstone Saba with that authenticated session. Upon successful authentication, Cornerstone Saba authorizes the session and allows access to all the resources without re-login. Once the existing session is invalidated due to either timeout or logout, the same process is repeated.

For IdP-initiated SSO, the customer's IdP should have the capability to define a default relay state. Any request initiated from the customer's IdP to our SP should carry a relay state in one of the following forms in order to allow IdP-initiated login:

IDP_INIT---SAML_SSO_SITE=dqtnt003site 

or

IDP_INIT---SAML_SSO_SITE=dqtnt003site---SAML_SSO_REDIRECT_URL=/Web_wdk/DQTNT3/index/startIndex.rdf

In case SAML is configured for a microsite (only applicable for Microsites other than the Default Microsite):

IDP_INIT---SAML_SSO_SITE=dqtnt003site---SAML_SSO_MICRO_SITE=<MicroSiteId>

Where:
  • dqtnt003site is the site name. <MicroSiteId> is the microsite. You can confirm the site and microsite names from Cornerstone Saba operations.
    Note: IdP can send either <MicroSiteId> or microsite URL Identifier (key) in the Relay State URL.
  • SAML_SSO_SITE is a mandatory parameter.
  • SAML_SSO_MICRO_SITE is used if you have enabled and configured SAML for a microsite.
  • SAML_SSO_REDIRECT_URL is an optional parameter to be specified in the relay state. After login, the user is redirected to the page specified here; if it is not provided, the redirect defaults to the home page.

SP initiated login is recommended over IDP initiated login.
Note: If you have only set up the IDP-initiated login without the SP-initiated login, Esignatures will not be supported.

The locale can also be passed as part of the relay state if the user wants to log in with a locale other than the one set in the user's profile:

IDP_INIT---SAML_SSO_SITE=dqtnt003site---SAML_SSO_MICRO_SITE=<MicroSiteId>---SAML_SSO_LOCALE=en_US
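
The relay state formats above can be checked before they are entered as the IdP's default relay state. The following is an added example, not Cornerstone Saba code: it builds and parses the string and enforces the mandatory SAML_SSO_SITE parameter. The function names, the rejection of unknown or duplicate parameters, and the restriction of SAML_SSO_REDIRECT_URL to site-relative paths are assumptions of this example.

```python
PREFIX = "IDP_INIT"
SEP = "---"
ALLOWED = ("SAML_SSO_SITE", "SAML_SSO_MICRO_SITE",
           "SAML_SSO_REDIRECT_URL", "SAML_SSO_LOCALE")


def parse_relay_state(relay_state):
    """Split a relay state string into a dict, enforcing the documented rules."""
    parts = relay_state.strip().split(SEP)
    if parts[0] != PREFIX:
        raise ValueError("relay state must start with IDP_INIT")
    params = {}
    for part in parts[1:]:
        key, eq, value = part.partition("=")  # values may themselves contain '='
        if not eq or not value:
            raise ValueError(f"malformed segment: {part!r}")
        if key not in ALLOWED:
            raise ValueError(f"unknown parameter: {key}")
        if key in params:
            raise ValueError(f"duplicate parameter: {key}")
        params[key] = value
    if "SAML_SSO_SITE" not in params:
        raise ValueError("SAML_SSO_SITE is mandatory")
    redirect = params.get("SAML_SSO_REDIRECT_URL")
    # Assumption (not stated on the page): accept only site-relative paths, so a
    # relay state cannot send the browser to another host after login.
    if redirect is not None and (not redirect.startswith("/")
                                 or redirect.startswith("//")
                                 or "\\" in redirect):
        raise ValueError("SAML_SSO_REDIRECT_URL must be a site-relative path")
    return params


def build_relay_state(site, micro_site=None, redirect_url=None, locale=None):
    """Assemble a relay state string and validate it by parsing it back."""
    values = {"SAML_SSO_SITE": site, "SAML_SSO_MICRO_SITE": micro_site,
              "SAML_SSO_REDIRECT_URL": redirect_url, "SAML_SSO_LOCALE": locale}
    segments = [PREFIX]
    for key, value in values.items():
        if value is None:
            continue
        if SEP in value:  # a value containing the separator would add segments
            raise ValueError(f"{key} must not contain {SEP!r}")
        segments.append(f"{key}={value}")
    relay_state = SEP.join(segments)
    parse_relay_state(relay_state)  # raises ValueError if a rule is violated
    return relay_state
```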

SP initiated SSO

Cornerstone Saba creates a session and sends a login request to the IDP once. Upon successful authentication, Cornerstone Saba authorizes the session and allows access to all the resources without re-login. Once the existing session is invalidated due to either timeout or logout, the same process is repeated.

If SAML is configured for a microsite, Cornerstone Saba understands this based on the microsite URL that is being used.
Note: SP initiated SSO will happen for a particular microsite, only if the Microsite URL is hit.