Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

SP Initiated SSO

SP_Inititated_SSO_new.png

How SP initiated SSO works:

  1. User accesses https://logincrm.company.myshn.net (via the Proxy).
  2. Proxy contacts the SP.
  3. SP responds with a redirect to URL https://company.com/adfs/ls/ with SAML request.
  4. The proxy rewrites the assertion consumer URL, resigns the request, and does not change IdP URL.
  5. Browser sends SSO request to federation server @https://company.com/adfs/ls/.
  6. Federation server sends credentials challenge.
  7. User responds to federation server’s challenge for authentication.
  8. Federation server contacts respective directory service to validate user credentials.
  9. Directory service responds with a success or failure.
  10. Federation server sends an HTTP redirect POST request to https://logincrm.company.myshn.net with SAML response back to User Agent (browser).
  11. Browser sends a POST request to https://logincrm.company.myshn.net, the proxy URL, with SAML response received from federation server.
  12. Proxy rewrites the SAML response, resigns it and does a POST request to https://login.salesforce.com, the SP URL, with rewritten SAML response.
  13. SP (SFDC) validates the SAML Response, and if successful, sends a redirect response for https://<pod>.[csp].com/
  14. Proxy rewrites the URL and forward the Redirect Response for https://<pod>crm.company.myshn.net back to the Browser.
  • Was this article helpful?