SAML-Based SSO Login Process

JFrog Platform Administration Documentation

Content Type
Administration / Platform
  1. The user attempts to reach a hosted JFrog Platform, Home Page.

  2. The Platform generates a SAML authentication request.

  3. The SAML request is encoded and embedded into the identity provider URL.

  4. The Platform sends a redirect to the user's browser. The redirect URL includes the encoded SAML authentication request that should be submitted to the identity provider.

  5. The identity provider decodes the SAML message and authenticates the user. The authentication process can proceed by asking for valid login credentials or by checking for valid session cookies.

  6. The identity provider generates a SAML response that contains the authenticated user's username. In accordance with the SAML 2.0 specification, this response is digitally signed with the identity provider’s private DSA/RSA keys.

  7. The identity provider encodes the SAML response and returns that information to the user's browser. The identity provider redirects back to the Platform with the signed response.

  8. The Platform’s ACS verifies the SAML response using the partner's public key. If the response is successfully verified, the ACS redirects the user to the destination URL.

  9. The user has been redirected to the destination URL and is logged in to the Platform.

    image2012-12-30 12-4-3.png