In this scenario, the user attempts to access a resource on TechSmith. However, they do not have a current logon session on this site and their federated identity is managed by their Identity Provider (IdP). They are sent to the IdP to log on, and the IdP provides a SAML web SSO assertion for the user's federated identity back to TechSmith.
- User requests a resource which is hosted by a TechSmith site that requires SSO authentication. The request is sent to TechSmith’s sign in system to see if the user already has a valid session token.
- If the user does not have a session token, they are redirected to the pre-configured customer IdP server with a SAML Request for authentication.
- The user either has an existing active browser session with the identity provider or establishes one by logging into the identity provider.
- The identity provider builds the authentication response in the form of an XML-document containing the user’s username or email address, signs it using an X.509 certificate, and posts this information to the service provider. This XML document contains the SAML Assertions, and is called a SAMLResponse.
- The SAMLResponse is sent back to the TechSmith assertion consumer service, which verifies and validates the message in several ways, including ensuring the encryption is valid, and that the assertions match the claim types that were pre-configured.
- The identity of the user is established, and the user is provided with app access via browser redirect to their original destination URL.