The concepts of Service Provider (SP) and Identity Provider (IdP) are key to understanding the SAML secure authentication system.
The Fluid Topics server has the role of SP. The administrator's SAML provider has the role of IdP.
Both the SP and the IdP use a private and a public key to communicate with each other:
- The SP sends a message to the IdP that has been encrypted with the IdP public key. The IdP decrypts the SP message by using the IdP private key.
- In return, the IdP sends a message to the SP that has been encrypted with the SP public key. The SP decrypts the IdP message by using the SP private key.
To validate the configuration of the authentication parameters, each side needs the other side's metadata:
- The SP must have access to the metadata.xml file generated by the IdP.
- The IdP must have access to the metadata.xml file generated by the SP.
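As an added illustration of what the exchanged metadata.xml files carry and how an administrator can sanity-check them before wiring the SP and IdP together, the following Python script parses both files and reports the points the configuration depends on: the entityID, the SSO or assertion-consumer endpoints, and the X.509 certificate published for each key use. This is example code, not part of the Fluid Topics product; the entity IDs, URLs and the certificate bytes are constructed placeholders (the "certificate" is not real DER, only a stand-in so the fingerprint step runs offline). The signing/encryption distinction follows the `use` attribute of the SAML 2.0 metadata KeyDescriptor element.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Namespaces defined by the SAML 2.0 metadata and XML Signature specifications.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


@dataclass
class ParsedMetadata:
    entity_id: str
    role: str                                       # "SP" or "IdP"
    endpoints: dict = field(default_factory=dict)   # binding URI -> location URL
    certs: dict = field(default_factory=dict)       # "signing"/"encryption" -> sha256 hex of the DER bytes


def parse_metadata(xml_text: str) -> ParsedMetadata:
    """Extract the identity, endpoints and published certificates from one metadata.xml."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sp_desc = root.find("md:SPSSODescriptor", NS)
    idp_desc = root.find("md:IDPSSODescriptor", NS)
    if sp_desc is not None:
        role, desc, endpoint_tag = "SP", sp_desc, "md:AssertionConsumerService"
    elif idp_desc is not None:
        role, desc, endpoint_tag = "IdP", idp_desc, "md:SingleSignOnService"
    else:
        raise ValueError("metadata declares neither an SP nor an IdP role")
    meta = ParsedMetadata(root.attrib["entityID"], role)
    for ep in desc.findall(endpoint_tag, NS):
        meta.endpoints[ep.attrib["Binding"]] = ep.attrib["Location"]
    for kd in desc.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not cert.text:
            continue
        der = base64.b64decode("".join(cert.text.split()))
        fingerprint = hashlib.sha256(der).hexdigest()
        # A KeyDescriptor without a 'use' attribute is valid for both purposes.
        for use in kd.attrib.get("use", "signing encryption").split():
            meta.certs[use] = fingerprint
    return meta


def check_pair(sp_xml: str, idp_xml: str) -> list:
    """Return a list of configuration problems found in an SP/IdP metadata pair (empty = OK)."""
    problems = []
    sp, idp = parse_metadata(sp_xml), parse_metadata(idp_xml)
    if sp.role != "SP":
        problems.append("first file is %s metadata, expected the SP metadata.xml" % sp.role)
    if idp.role != "IdP":
        problems.append("second file is %s metadata, expected the IdP metadata.xml" % idp.role)
    if "encryption" not in sp.certs:
        problems.append("SP publishes no encryption certificate: the IdP has no SP public key to encrypt with")
    if "signing" not in sp.certs:
        problems.append("SP publishes no signing certificate: the IdP cannot verify SP requests")
    if not idp.certs:
        problems.append("IdP publishes no certificate: the SP cannot verify or encrypt IdP traffic")
    for side in (sp, idp):
        if not side.endpoints:
            problems.append("%s metadata declares no endpoint" % side.role)
        for location in side.endpoints.values():
            if not location.startswith("https://"):
                problems.append("%s endpoint is not HTTPS: %s" % (side.role, location))
    return problems


# Constructed sample metadata. The certificate content is a placeholder, not a real X.509 DER blob.
_FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
_KEY_DESCRIPTOR = ('<md:KeyDescriptor%s><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
                   + _FAKE_CERT_B64 + '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
_NS_DECL = 'xmlns:md="%s" xmlns:ds="%s"' % (NS["md"], NS["ds"])

SP_METADATA = (
    '<md:EntityDescriptor %s entityID="https://docs.example.com/saml/sp">' % _NS_DECL
    + '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _KEY_DESCRIPTOR % ' use="signing"' + _KEY_DESCRIPTOR % ' use="encryption"'
    + '<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    + 'Location="https://docs.example.com/saml/acs" index="0"/>'
    + '</md:SPSSODescriptor></md:EntityDescriptor>'
)

IDP_METADATA = (
    '<md:EntityDescriptor %s entityID="https://idp.example.com/saml">' % _NS_DECL
    + '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _KEY_DESCRIPTOR % ''   # no 'use' attribute: one key serves both signing and encryption
    + '<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
    + 'Location="https://idp.example.com/saml/sso"/>'
    + '</md:IDPSSODescriptor></md:EntityDescriptor>'
)

if __name__ == "__main__":
    for label, xml_text in (("SP", SP_METADATA), ("IdP", IDP_METADATA)):
        print(label, parse_metadata(xml_text))
    print("problems:", check_pair(SP_METADATA, IDP_METADATA) or "none")
```

Run with the two real files in place of the constructed strings (`check_pair(open("sp-metadata.xml").read(), open("idp-metadata.xml").read())`) to confirm, before testing a login, that each side actually publishes the certificate the other needs and that every endpoint is served over HTTPS; comparing the printed fingerprints against the certificates installed on each server catches a stale metadata.xml after a key rotation.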