
    IdP-initiated connection

    Introduction

    An IdP-initiated connection makes it possible to log in to a service provider that was not the one that initially made an authentication request. In other words, the user logs in to a Service Provider starting from the Identity Provider. To set up an IdP-initiated connection, click the SAML 2.0 button under the Tools group in the Connections list.

    application-idp-initated

    This will immediately set up a connection, as shown below.

    application-idp-initated-success

    The connection that was set up will be called "Identify runtime connection" as shown below.

    application-identify-runtime-connection

    This connection will then be available as a separate URL that can be contacted to carry out IdP-initiated login.

    The URL to contact is typically <site>/runtime/idpinitiated, e.g. https://identify.safewhere.org/runtime/idpinitiated

    When contacting this URL, the user will see the following page:

    application-idp-initated-login

    There really is no difference between signing on to the site and signing on to one of the sites in the drop-down list. When signing on to the site, the user will just be shown the list of sites anyway. After choosing a site, the user will then be redirected to that site as an authenticated user.
