Service provider-initiated SSO flow

This topic describes the SAML service provider-initiated single sign-on (SSO) flow for applications that are integrated with an AppDirect-powered marketplace. For the identity provider-initiated SSO flow, see Identity provider-initiated SSO flow.

A description of each step follows the image.

Figure: Service provider-initiated SSO flow

  1. The user initiates SSO by clicking the MyApps tile.
  2. The user is redirected to the SP-initiated Login URL that’s registered with the product SSO configuration.
  3. The developer initiates SSO by sending a SAML authentication request to the authentication endpoint. Following is an example of how it appears.

    https://marketplace.appdirect.com/saml/idp/login/11b60de8-47b7-42c0-bb50-44a13eb0b79f?SAMLRequest=<SAML_request>

    See Example D—SAML request in the SAML authentication event examples for an example of the full SAML request sent to the marketplace.

  4. The user is authenticated with the marketplace (if they're not already logged in).
  5. The SAML response (assertion) is generated and the marketplace sends a POST request to the Assertion Consumer Service (ACS) URL registered with the SSO product configuration.

    Following is an example:

    https://www.isv.com/acs?SAMLResponse=<SAML_response>

  6. See Example C—SAML response in the SAML authentication event examples for an example of the full SAML response sent to the developer’s ACS.
  7. The SAML response is validated by the developer.
  8. The user is logged in to the developer application.
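
The following sketch is an added example, not AppDirect code. It builds the step 3 redirect and applies the step 7 checks that tie the response to that request. It assumes the HTTP-Redirect encoding for `SAMLRequest`, a hypothetical SP entity ID, and whole-second UTC timestamps. Signature verification is left to a SAML library and must succeed before these checks mean anything.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted XML in production
from datetime import datetime, timezone
from urllib.parse import urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
IDP_LOGIN = "https://marketplace.appdirect.com/saml/idp/login/11b60de8-47b7-42c0-bb50-44a13eb0b79f"
ACS_URL = "https://www.isv.com/acs"
SP_ENTITY_ID = "https://www.isv.com/sp"  # assumed; use the entity ID you registered
TS = "%Y-%m-%dT%H:%M:%SZ"


def build_redirect(now=None):
    """Step 3: return (request_id, url). Keep request_id in the user's session."""
    now = now or datetime.now(timezone.utc)
    request_id = "_" + uuid.uuid4().hex  # xs:ID values cannot start with a digit
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{now.strftime(TS)}" '
           f'AssertionConsumerServiceURL="{ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    comp = zlib.compressobj(wbits=-15)
    packed = base64.b64encode(comp.compress(xml.encode()) + comp.flush())
    return request_id, IDP_LOGIN + "?" + urlencode({"SAMLRequest": packed.decode()})


def check_response(saml_response_b64, expected_request_id, now=None):
    """Step 7, in part: return the names of failed checks (empty list = passed).
    Signature verification is NOT done here and must happen first."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    errors = []
    if root.get("InResponseTo") != expected_request_id:
        errors.append("InResponseTo")  # unsolicited, or issued for another session
    if root.get("Destination") != ACS_URL:
        errors.append("Destination")  # response was addressed to a different endpoint
    audience = root.findtext(f".//{{{SAML}}}Audience")
    if audience != SP_ENTITY_ID:
        errors.append("Audience")  # assertion was issued for a different SP
    cond = root.find(f".//{{{SAML}}}Conditions")
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if not expiry or now >= datetime.strptime(expiry, TS).replace(tzinfo=timezone.utc):
        errors.append("NotOnOrAfter")  # missing or expired validity window
    return errors
```

Discard the stored request ID after one use so a captured response cannot be replayed against the same session.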