Is this the expected outcome when both Identity Provider (IdP) initiated flow and Service Provider (SP) initiated flow are configured and required for an application?



Solution: The end user can choose to authenticate through Okta or through the application with user name and password.
A. Yes
B. No

Answer: A

Explanation:

Once the user is redirected to Okta they’ll need to enter their Okta credentials, unless they had already authenticated into Okta in a previous session within the same browser. In either case, a successful authentication request will redirect the user back to the SP’s Assertion Consumer Service (ACS) URL with an embedded SAML response from Okta.

At a minimum, the response will:

- Indicate that it is indeed from Okta and hasn't been altered, and contain a digital signature proving such. This signature will be verified by the SP using a public key from Okta that was previously uploaded to the SP as a certificate.

- Indicate that the user has authenticated successfully into Okta.

- Indicate who the user is via the NameID, a standard attribute used in SAML assertions.

https://support.okta.com/help/s/article/Beginner-s-Guide-to-SAML?language=en_US
