python saml simplesamlphp

In SAML, when a user/password pair is to be authenticated, where is the user/passwd pair located in an AuthnRequest?


I've been looking through examples of AuthnRequest messages and have yet to determine where the user and password data that I want to authenticate (with my installed, configured and tested SimpleSAMLphp IDP) is located in the actual request.

I'm building a Python-based SP which I want to talk to the IDP.


Solution

  • An AuthnRequest from an SP instructs the IdP to authenticate the anonymous user. The SP doesn't know who the user is at this point. The IdP will ask the user for the username and password, and if it can authenticate the user, it will return attributes to the SP's AttributeConsumerService URL. The SP can ask for specific attributes to be returned that identify the user, and at that point the SP can see a username if the IdP agrees to release it.
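
To make the point above concrete, here is an added example (not part of the original answer) of a Python SP building a minimal AuthnRequest and encoding it for the HTTP-Redirect binding, then decoding it as the IdP would and listing every field it carries. The entity ID, ACS URL and IdP SSO URL are constructed placeholders, and the request is unsigned.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder values, not taken from the question.
SP_ENTITY_ID = "https://sp.example.org/metadata"
SP_ACS_URL = "https://sp.example.org/acs"
IDP_SSO_URL = "https://idp.example.org/sso"

def build_authn_request():
    """Return (request_id, xml_bytes) for a minimal SAML 2.0 AuthnRequest."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    request_id = "_" + uuid.uuid4().hex  # SP must remember this to match the response
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "AssertionConsumerServiceURL": SP_ACS_URL,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    ET.SubElement(root, f"{{{SAMLP}}}NameIDPolicy", {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "AllowCreate": "true",
    })
    return request_id, ET.tostring(root)

def redirect_url(xml_bytes, relay_state="/"):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml_bytes) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """Inverse of redirect_url: what the IdP sees after decoding the query."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(b64), -15))

def field_names(elem):
    """Every element and attribute name in the request (namespaces stripped)."""
    names = set()
    for e in elem.iter():
        names.add(e.tag.split("}")[-1])
        names.update(e.attrib)
    return names
```

The decoded request names only the SP, where the response should go, and the NameID format it would like; the credentials are entered by the user at the IdP's own login page and never pass through the SP.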