NIEF TPAT | TD: SAML SP Requirements

SAML SP Requirements - User Interface, v1.0

The user interface requirements for implementing a SAML Service Provider.

Assessment Steps (3)

1 SSO Link Provided (SSOLinkProvided) Does the system provide a link that the user can select to initiate an SSO transaction? Artifact SSO Link Provide the URL of the system's website page that includes an SSO link, or provide a screenshot of the page if the URL is not publicly available.
2 Support for IDP Discovery (SupportforIDPDiscovery) Does the system provide a mechanism for handling IDP discovery? Artifact Discovery Details Provide screenshots and/or an explanation of how the system supports IDP discovery (e.g., local mechanism, centralized service, dynamic/automatic discovery, etc.)
3 Authn Request Following IDP Discovery (AuthnRequestFollowingIDPDiscovery) Upon selection of an IDP from the single sign-on page, does the system send a SAML AuthnRequest to the selected IDP? Artifact SAML AuthnRequest Artifact Provide a header trace including the AuthnRequest generated by the system.

Conformance Criteria (3)

SSO Link Provided The system MUST provide a link that a user can select to initiate an SSO transaction. Citation NIEF Discussion/Review
Support for IDP Discovery The system MUST implement a mechanism through which it can discover the user's IDP system. There are two options for this: communicate with an available centralized IDP Discovery Service, or implement a local IDP Discovery Service. For example, the system can implement local IDP discovery by providing the user with a series of links through which to select an IDP. Citation NIEF Discussion/Review
Authn Request Following IDP Discovery Upon user selection of an IDP, the system MUST generate a SAML AuthnRequest and send it to the selected IDP. Citation NIEF Discussion/Review

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://trustmark.nief.org/tpat/tds/icam-saml-sp-ui/1.0/

Publication Date

2021-06-25

Issuing Organization

NIEF (https://nief.org/) View Contact

NIEF Support

help@nief.org

No telephone

No Mailing Address

Keywords

NIEF, Federated ICAM, Securiy Assertion Markup Language, SAML, Service Provider, SP, Relying Party, RP, User Interface, UI

Issuance Criteria

yes(all)

Legal Notice

This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

NIEF	NIEF Technical Guidance

Terms (6)

Term Name	Abbreviations	Definition
Federated Identity, Credential, and Access Management	Federated ICAM	Refers to a comprehensive approach for dealing with digital identities (and associated attributes), credentials, and access control within a federated environment (across jurisdictional boundaries).
National Identity Exchange Federation	NIEF	National law enforcement and public safety information sharing trust framework.
Relying Party	RP	Alternate term for a service provider.
Security Assertion Markup Language	SAML	A set of eXtensible Markup Language (XML) data structures and messaging protocols designed to enable single sign-on between system entities.
Service Provider	SP	A system that provides a user with some service capability, requently within Federated ICAM implementations. A service provider is the Federated ICAM counterpart to an identity provider.
User Interface	UI	The means by which the user and a computer system interact, in particular through the use of input devices and software.

Also available as XML or JSON