# timOhjeet

Terms:

  • Service Provider (SP) is an application that requests identification. For example, TIM is a Service Provider.
  • Identity Provider (IdP) is a service that provides user identification to SPs. For example, JYU is an IdP.
# saml
Login sequence between User, TIM, HAKA and IdP, in order:

  • User → TIM: GET /feed
  • TIM → HAKA: GET <Haka metadata URL>
  • HAKA → TIM: <IdP metadata as XML>
  • TIM → User: List of IdPs as JSON
  • User → TIM: GET /sso (choice of IdP + return URL)
  • TIM: Load Haka metadata, prepare request
  • TIM → User: Redirect (HTTP code 302) to IdP login URL with args
  • User → IdP: GET <IdP login URL>
  • IdP → User: Login page
  • User → IdP: <Credentials>
  • IdP → User: <Success/fail information>
  • User → TIM: POST /acs (SAML response w/ user identification attributes)
  • TIM: Parse SAML response, automatically register the user or log them in
  • TIM → User: Redirect to front page with session information

Extra info:

  • /feed is not required by SAML. It's TIM's own route for getting a listing of all IdPs so that they can be shown in the UI.
  • /acs ("Assertion Consumer Service" URL) was provided to Haka when TIM was registered as a Service Provider. The IdP will instruct the user's browser to POST the user's authentication information to that URL if the login was successful.
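
The /sso step above ("prepare request", then a 302 to the IdP login URL with args) can be sketched as follows. This is an added example, not TIM's own code. It assumes the SAML HTTP-Redirect binding with the return URL carried in RelayState; every hostname, entity ID and function name in it is a constructed placeholder.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.sax.saxutils import quoteattr

# Constructed placeholders (assumptions), not TIM's or Haka's real values.
SP_ENTITY_ID = "https://sp.example.org/saml"
ACS_URL = "https://sp.example.org/acs"
SP_HOST = "sp.example.org"

def safe_return_url(url: str) -> str:
    """Allow only local paths or https URLs on the SP's own host, else fall back to '/'."""
    parts = urlsplit(url)
    if "\\" in url:  # browsers may treat a backslash like a slash
        return "/"
    if url.startswith("/") and not parts.scheme and not parts.netloc:
        return url
    if parts.scheme == "https" and parts.netloc == SP_HOST:
        return url
    return "/"

def build_sso_redirect(idp_sso_url: str, return_url: str) -> tuple[str, str]:
    """Return (redirect_url, request_id); idp_sso_url comes from the IdP's metadata."""
    request_id = "_" + uuid.uuid4().hex  # keep in the session; compare with InResponseTo at /acs
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination={quoteattr(idp_sso_url)} AssertionConsumerServiceURL="{ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encoding.
    compressor = zlib.compressobj(wbits=-15)
    deflated = compressor.compress(authn_request.encode()) + compressor.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": safe_return_url(return_url),
    })
    separator = "&" if "?" in idp_sso_url else "?"
    return idp_sso_url + separator + query, request_id

def decode_saml_request(redirect_url: str) -> str:
    """Reverse the encoding, e.g. to inspect a captured redirect while debugging."""
    encoded = parse_qs(urlsplit(redirect_url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(encoded), wbits=-15).decode()
```

The SAML response later POSTed to /acs still has to be signature-checked against the IdP certificate from the federation metadata by a SAML library; this sketch covers only the outgoing request.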
