Hi guys,

I am new to SAML and i am trying to understand the process flow of
Service-provider initiated SSO for NAM.

From the documentation (section SAML Service Provider Process Flow),
the SP generate the assertion. I thought it should be the IDP? And in
this example, the IDP did not prompt the user to enter their

Do we have a process flow for NAM that is similar as below? Or does NAM
has the same process flow? I need a process flow to show to my client
for NAM.

The user requests access to a protected SP resource. The request is
redirected to the federation server to handle authentication.
The federation server sends an HTML form back to the browser with a SAML
request for authentication from the IdP. The HTML form is automatically
posted to the IdPs SSO service.
If the user is not already logged on to the IdP site or if
re-authentication is required, the IdP asks for credentials (e.g., ID
and password) and the user logs on.
Additional information about the user may be retrieved from the user
data store for inclusion in the SAML response. (These attributes are
predetermined as part of the federation agreement between the IdP and
the SP)

The IdPs SSO service returns an HTML form to the browser with a SAML
response containing the authentication assertion and any additional
attributes. The browser automatically posts the HTML form back to the

Many thanks

mochacoffee's Profile: https://forums.netiq.com/member.php?userid=6175
View this thread: https://forums.netiq.com/showthread.php?t=54033