9
Behind the Scenes an Assertion
is Sent to the Service Provider
"The user is John Doe, he has an
email address of j.doe@acompany.com,
and he was authenticated into this system
using a password mechanism."
There
must be a business agreement between the identity
provider
and the service provider. They must agree to a set
of
identifiers and/or attributes to use when referring to the user.
The
service provider must trust the identity provider.
SAML Assertion
(an authentication assertion)