IdP-Initiated SSO
In this scenario, the user is logged on to the IdP and attempts to access a resource on the Talent Suite server. The SAML 2.0 assertion is transported to the Talent Suite via HTTP POST.
About this task
As shown in the diagram, the IdP-initiated SSO process is as follows:
Procedure
1. The user logs on to the IdP.
2. The user requests access to a protected Talent Suite resource. The user is not logged on to the Talent Suite site.
3. The IdP SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes.
4. The browser automatically posts the HTML form back to the Talent Suite.
5. (Not shown) If a valid assertion is received, then a session is established on the Talent Suite and the browser is redirected to the target resource.
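The following is an added example, not Talent Suite code, of checks a service provider can apply in step 5 before treating the posted assertion as valid. Because the response is unsolicited, there is no request ID to match, so replay protection rests on the assertion ID and the validity window. The function name, URLs, entity ID and sample message are assumptions constructed for illustration, and signature verification is assumed to have been done beforehand.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
seen_ids = set()  # replay cache; a real SP needs a shared store with expiry

def ts(value):  # SAML timestamps are UTC; this sketch accepts whole seconds only
    return datetime.strptime(value or "", "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_unsolicited_response(form_value, sp_entity_id, acs_url, now):
    """Return the NameID from the POSTed SAMLResponse; raise ValueError when a check fails."""
    xml = base64.b64decode(form_value, validate=True)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not accepted")
    # ASSUMPTION: the XML signature has already been verified against the IdP certificate
    # with a vetted XML-DSig library; that step is not shown here.
    root = ET.fromstring(xml)
    assertions = root.findall("a:Assertion", NS)
    cond = root.find("a:Assertion/a:Conditions", NS)
    scd = root.find("a:Assertion/a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    status = root.find("p:Status/p:StatusCode", NS)
    if len(assertions) != 1 or cond is None or scd is None or status is None:
        raise ValueError("malformed response")
    audience = cond.findtext("a:AudienceRestriction/a:Audience", namespaces=NS)
    checks = {  # failure reason -> whether the check passed
        "InResponseTo present in unsolicited response":
            root.get("InResponseTo") is None and scd.get("InResponseTo") is None,
        "status is not Success": status.get("Value") == SUCCESS,
        "wrong Destination or Recipient":
            root.get("Destination") == acs_url and scd.get("Recipient") == acs_url,
        "audience mismatch": audience == sp_entity_id,
        "outside validity window": ts(cond.get("NotBefore")) <= now
            < min(ts(cond.get("NotOnOrAfter")), ts(scd.get("NotOnOrAfter"))),
        "assertion replayed": assertions[0].get("ID") not in seen_ids,
    }
    for reason, ok in checks.items():
        if not ok:
            raise ValueError(reason)
    seen_ids.add(assertions[0].get("ID"))
    return root.findtext("a:Assertion/a:Subject/a:NameID", namespaces=NS)

# Constructed sample of the form field posted in step 4 (every name and value is made up).
SAMPLE_XML = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" ID="_r1" Destination="https://sp.example.test/acs">
<p:Status><p:StatusCode Value="{SUCCESS}"/></p:Status><a:Assertion ID="_a1"><a:Subject><a:NameID>jdoe</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://sp.example.test/acs" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</a:SubjectConfirmation></a:Subject><a:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
<a:AudienceRestriction><a:Audience>sp.example.test</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()
```

The session in step 5 is created only when the function returns a NameID; any ValueError means the response is rejected.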