|Note: SAML 1.1 will be deprecated soon. If you are working on a new integration, we strongly recommend that you use OIDC instead.|
Commonly, the authentication process starts in your application and will consist of the following steps. You are required to carry out the actions marked in bold.
- Authenticating the user: You are the service provider (SP) and you need to authenticate an end user in order to grant him or her access to some service. In order to do that, you redirect the user to Signicat (in the browser). Read more about redirecting the user to Signicat here.
- Signicat will host the entire authentication process using any of the available (or desired) id methods, after which a SAML assertion (XML) is constructed. The SAML assertion will be signed with a certificate which ensures that the contents of the assertion cannot be spoofed or altered.
- Receiving the SAML response: Signicat will then redirect the user back to your application along with the aforementioned SAML assertion. Read more about the SAML response here.
- Verifying the SAML response: Your application will pick up the SAML assertion and validate it to make sure it’s correct. Read more about validating the SAML response here; with Java or with C#.
- Retrieving attributes from the SAML response: After validation has taken place, the values in the SAML assertion (such as user name, personal identity number etc.) can be extracted and processed by your application for further usage (typically logging the user in). Please refer to the SAML response examples to see which attributes that are available.