•John Doe clicks on the link. It takes him to the CarRental service.
•The CarRental service doesn't know who John Doe is, so
it constructs an
AuthnRequest and HTTP redirects John Doe to the Airline service with the AuthnRequest encoded as
a query string on the HTTP
redirect URL.
•The Airline service constructs an authentication
Response and sends it back to
the CarRental service via encoding it within an HTML form.
•Thus, now John Doe is knocking on the CarRental doors with authentication papers in hand.