NIEF TPAT | TD: SAML SP Requirements

SAML SP Requirements - IDP-Initiated SSO, v1.0

The requirements for supporting IDP-Initiated SAML SSO (also known as Unsolicited SAML SSO) when implementing a Service Provider.

Assessment Step

1 Support for Unsolicited SAML Responses (SupportforUnsolicitedSAMLResponses) Does the system accept unsolicited SAML Responses? Note that an unsolicited response is any SAML Response sent to the system by an IDP but not in response to an AuthnRequest made by the system. Artifacts System Behavior for Unsolicited Responses Provide a screen shot or description of how the system behaves when it receiveds an unsolicited SAML Response, including what page or service is offered by default. Unsolicited SAML Response Provide a sample SAML Response sent to the system by an IDP. The Response must NOT include an InResponseTo attribute.

Conformance Criteria (1)

Support for Unsolicited SAML Responses The system SHOULD accept unsolicited SAML Responses. Citation NIEF Discussion/Review

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://trustmark.nief.org/tpat/tds/icam-saml-sp-unsolicited/1.0/

Publication Date

2021-06-25

Issuing Organization

NIEF (https://nief.org/) View Contact

NIEF Support

help@nief.org

No telephone

No Mailing Address

Keywords

NIEF, Federated ICAM, Security Assertion Markup Language, SAML, Service Provider, SP, Relying Party, RP, Single Sign-On, SSO

Issuance Criteria

yes(all)

Legal Notice

This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

NIEF	NIEF Technical Guidance

Terms (6)

Term Name	Abbreviations	Definition
Federated Identity, Credential, and Access Management	Federated ICAM	Refers to a comprehensive approach for dealing with digital identities (and associated attributes), credentials, and access control within a federated environment (across jurisdictional boundaries).
National Identity Exchange Federation	NIEF	National law enforcement and public safety information sharing trust framework.
Relying Party	RP	Alternate term for a service provider.
Security Assertion Markup Language	SAML	A set of eXtensible Markup Language (XML) data structures and messaging protocols designed to enable single sign-on between system entities.
Service Provider	SP	A system that provides a user with some service capability, requently within Federated ICAM implementations. A service provider is the Federated ICAM counterpart to an identity provider.
Single Sign-On	SSO	A capability that enables a user to authenticate themselves to a single system and reuse the results of that authentication process at multiple partner systems that trust the authenticating system.

Also available as XML or JSON