By justme on Apr 12, 2007
Someone asked this question: "How to federate a user?" Here is the sequence diagram.
- The user visits the Service Provider (SP) for the first time and authenticates with the SP.
- The SP then presents the user with a list of Identity Providers (IDPs).
- He/she chooses one of them and authenticates with it.
- A Name Identifier (Name ID) is created. The Name ID hides the real identity of the user. For example, the user is joesmith at the SP and jsmith at the IDP, and his/her Name ID is xyz (xyz is only an illustration; a real Name ID is much longer). Between the SP and the IDP, he/she is known only as xyz.
- The IDP registers the Name ID together with the SP ID, and then redirects the request back to the SP.
- The SP registers the Name ID together with the IDP ID.
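The two registration steps above, as an added Python sketch that is not from the original post: each side keeps its own federation table keyed by the partner's entity ID and the Name ID, and the Name ID is a random opaque token (as SAML persistent identifiers usually are), so neither joesmith nor jsmith can be recovered from it. The entity IDs and usernames are constructed sample values.

```python
import secrets


class IdentityProvider:
    """Holds the IDP-side federation table: (SP ID, Name ID) -> IDP-local user."""

    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.federations = {}

    def federate(self, idp_user, sp_entity_id):
        # Mint an opaque, random Name ID. It is not derived from the username,
        # so the SP cannot learn the IDP-local identity from it (or vice versa).
        name_id = secrets.token_urlsafe(32)
        # The IDP registers the Name ID together with the SP's ID (step 7).
        self.federations[(sp_entity_id, name_id)] = idp_user
        return name_id

    def resolve(self, sp_entity_id, name_id):
        # Returns None for a Name ID that was never federated with this SP.
        return self.federations.get((sp_entity_id, name_id))


class ServiceProvider:
    """Holds the SP-side federation table: (IDP ID, Name ID) -> SP-local user."""

    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.federations = {}

    def register(self, sp_user, idp_entity_id, name_id):
        # The SP registers the Name ID together with the IDP's ID (step 8).
        self.federations[(idp_entity_id, name_id)] = sp_user

    def resolve(self, idp_entity_id, name_id):
        return self.federations.get((idp_entity_id, name_id))


def federate_user(sp, idp, sp_user, idp_user):
    """Link an SP user and an IDP user (both already authenticated) under one Name ID."""
    name_id = idp.federate(idp_user, sp.entity_id)  # IDP side, before the redirect
    sp.register(sp_user, idp.entity_id, name_id)    # SP side, after the redirect
    return name_id


if __name__ == "__main__":
    # Constructed sample values: the post's joesmith (SP) and jsmith (IDP).
    sp = ServiceProvider("https://sp.example.com")
    idp = IdentityProvider("https://idp.example.com")
    nid = federate_user(sp, idp, "joesmith", "jsmith")
    print(nid, sp.resolve(idp.entity_id, nid), idp.resolve(sp.entity_id, nid))
```

On a later visit the SP only needs the Name ID from the IDP's assertion to find joesmith in its own table, and the IDP only needs the SP's entity ID and the Name ID to find jsmith.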