The figure below illustrates the Federation Gateway providing SAML2 endpoint features and acting as a Service Provider in an IDP-initiated single sign-on configuration.
- User clicks the HR link on the company portal and is redirected to the company IDP for authentication.
- IDP sends an AuthN Response to the HR application.
- Federation Gateway receives the POST, validates the assertion, and makes the attributes available to the OpenIG login chain.
- OpenIG login chain retrieves the user credentials and POSTs the login form to the myHR application.
- HR application validates the credentials and redirects to the main page of the application.
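
The following is an added example, not OpenIG or Federation Gateway code. It sketches the kind of checks a Service Provider applies to an unsolicited (IDP-initiated) assertion when it "validates the assertion". It assumes the XML signature has already been verified by a hardened parser, and the entity ID, ACS URL and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW = timedelta(seconds=60)  # assumed clock-skew allowance

# Constructed sample assertion (signature omitted; assumed already verified).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
 <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
  <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
      Recipient="https://sp.example.com/saml/acs"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, sp_entity_id, acs_url, now, seen_ids):
    """Return a list of problems; an empty list means the assertion is accepted."""
    a = ET.fromstring(xml_text)
    cond = a.find("saml:Conditions", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if cond is None or scd is None or "NotOnOrAfter" not in scd.attrib:
        return ["missing Conditions or bearer confirmation data"]
    problems = []
    if "NotBefore" in cond.attrib and now + SKEW < _ts(cond.get("NotBefore")):
        problems.append("not yet valid")
    expiries = [_ts(e.get("NotOnOrAfter")) for e in (cond, scd) if e.get("NotOnOrAfter")]
    if now - SKEW >= min(expiries):
        problems.append("expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("audience mismatch")
    if scd.get("Recipient") != acs_url:
        problems.append("recipient mismatch")
    # IdP-initiated: no AuthnRequest was sent, so InResponseTo must be absent.
    if scd.get("InResponseTo") is not None:
        problems.append("unexpected InResponseTo")
    # With no request ID to match, replay defence rests on an assertion-ID cache.
    if a.get("ID") in seen_ids:
        problems.append("assertion ID replayed")
    elif not problems:
        seen_ids.add(a.get("ID"))
    return problems
```

In a real deployment the `seen_ids` cache only needs to retain each ID until that assertion's `NotOnOrAfter` has passed.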


