I am developing my first Service Provider initiated login AM solution.

As I understand it, this is the flow:

1. Client visits the remote application directly, let's say
2. On the remote system website, the client chooses where he is coming
from. Let's say he chooses a specific company in a dropdown
3. The remote application then redirects the user to AM and prompts for
4. User types credentials
5. AM sends a SAML request to the remote system with the needed claims
6. The remote system authenticates the claims
7. The remote system sends a SAML response with "user granted" (does this
happen, when it is SP initiated?)
8. AM redirects the user to the requested site (does this happen?)

I am not sure if 7 and 8 actually happen, or whether the remote application,
after authenticating the SAML request, just redirects the user to the
requested site?

Anyways, the owner of the remote system needs to know where to redirect
the user to, after choosing what company they came from. They call it an
endpoint or login site. I am not sure what they mean by that. What URL
would that be on the AM? Is it the IDS base URL? AGW base URL?

I have provided them with the metadata endpoint:

But what is the redirect URL they need when redirecting the user to AM?
https://saml.customer.dk/nidp ?
https://agw.customer.dk/nidp ?

I have read some documentation but I am still not sure.

Thanks in advance,


jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=54550
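The endpoint question in the post, worked through as an added example (not code from the post and not NetIQ Access Manager's own code): in the SAML 2.0 SP-initiated profile the SP learns the IdP's sign-on URL from the `SingleSignOnService` element in the IdP metadata (the Location whose Binding matches the binding the SP will use), sends the browser there with an `AuthnRequest`, and later receives the `Response` at its own Assertion Consumer Service, where it must check that `InResponseTo` names a request it actually issued. All entityIDs, URLs and the sample metadata below are constructed placeholders; request signing and response signature verification are left out.

```python
import base64
import datetime
import uuid
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample IdP metadata; entityID and Locations are placeholders,
# not real Access Manager endpoints.
IDP_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.test/metadata">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    f'<md:SingleSignOnService Binding="{POST_BINDING}" Location="https://idp.example.test/sso/post"/>'
    f'<md:SingleSignOnService Binding="{REDIRECT_BINDING}" Location="https://idp.example.test/sso/redirect"/>'
    '</md:IDPSSODescriptor>'
    '</md:EntityDescriptor>'
)


def sso_location(metadata_xml, binding=REDIRECT_BINDING):
    """The URL the SP sends the browser to is the IdP's SingleSignOnService
    Location for the binding the SP will use; it comes from IdP metadata."""
    root = ET.fromstring(metadata_xml)  # use defusedxml for metadata from untrusted sources
    for svc in root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", MD_NS):
        if svc.get("Binding") == binding:
            return svc.get("Location")
    raise ValueError(f"IdP metadata has no SingleSignOnService for {binding}")


def build_authn_request(sp_entity_id, acs_url, destination, request_id=None, issue_instant=None):
    """Minimal unsigned AuthnRequest. The ID must be unique and remembered so the
    Response can be correlated at the ACS."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{destination}" AssertionConsumerServiceURL="{acs_url}" '
        f'ProtocolBinding="{POST_BINDING}">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def redirect_binding_url(sso_url, authn_request_xml, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as SAMLRequest."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate, no zlib header
    deflated = compressor.compress(authn_request_xml.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state  # where the SP sends the user afterwards
    return sso_url + "?" + urlencode(params)


def decode_redirect_binding(url):
    """What the IdP does on arrival: reverse the encoding to recover the AuthnRequest XML."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def request_id_of(authn_request_xml):
    return ET.fromstring(authn_request_xml).get("ID")


def response_correlates(response_xml, outstanding_request_ids):
    """At the SP's ACS: accept a Response only if its InResponseTo names a request
    this SP actually issued. Signature, audience and time-window checks apply on top."""
    root = ET.fromstring(response_xml)
    in_response_to = root.get("InResponseTo")
    return in_response_to is not None and in_response_to in outstanding_request_ids


if __name__ == "__main__":
    sso = sso_location(IDP_METADATA)
    req = build_authn_request("https://sp.example.test/metadata", "https://sp.example.test/acs", sso)
    print(redirect_binding_url(sso, req, relay_state="/requested/page"))
```

The point for the SP operator is that the "login site" they ask for is not guessed from a hostname but read from the IdP metadata already exchanged; a real deployment also signs the request if the IdP requires it, verifies the signature on the response at the ACS, and only then redirects the user to the page named in RelayState.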