Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
In an SP-initiated Single Sign-On (SSO) SAML flow, when a principal (user) does not have a SAML assertion, the correct sequence is as follows: The principal first contacts the service provider. Since the principal does not have a SAML assertion, the service provider redirects the principal to the identity provider. The identity provider then authenticates the principal. After successful authentication, the identity provider sends the principal back to the service provider with the necessary SAML assertion. This sequence ensures that the user is authenticated by the identity provider before accessing services from the service provider.
On Study Guide, slide 424
A. Principalwithout assertion means that it has not been authenticated yet for any ressource on antother SP in the ferderation. P. 439 in the 6.5 student guide