Security Assertion Markup Language (SAML)
The SAML login provider uses SAML to authenticate users from any SAML-compatible identity provider (IdP), such as Shibboleth. Studo Flow supports both signed and encrypted assertions. New users can be created "on demand" at login if they are not yet in the database.
Getting the service provider (SP) entityId and metadata (SP EntityDescriptor XML)
When the SAML login provider is enabled, the SP entityId is always:
https://<YOUR_FLOW_DOMAIN>/saml/sp
Calling this URL returns the SP Metadata. Your IdP should be able to fetch the SP Metadata regularly: when the configuration of the SAML login provider is changed in the Flow UI, the changes are instantly reflected in the SP Metadata.
Single Logout (SLO)
If the IdP supports Single Logout (SLO), Studo Flow also supports it. The IdP must be configured to send SLO requests to the Studo Flow SLO endpoint:
https://<YOUR_FLOW_DOMAIN>/saml/slo
This is already advertised in the SP Metadata.
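The following check is an added example, not part of Studo Flow: it parses an SP EntityDescriptor and confirms that the entityId and the advertised SLO endpoint match the URLs documented above, and that an encryption key is published for encrypted assertions. The domain flow.example.org, the function name check_sp_metadata, and the sample XML (including its binding and the empty KeyDescriptor) are constructed assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample for the placeholder domain flow.example.org. The binding and
# the empty KeyDescriptor (KeyInfo omitted) are assumptions, not Flow's real output.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://flow.example.org/saml/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://flow.example.org/saml/slo"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_sp_metadata(xml_text, flow_domain):
    """Return a list of problems; an empty list means the metadata matches
    the documented entityId and SLO endpoint for flow_domain."""
    # For metadata fetched over the network, parse with a hardened XML
    # parser (for example defusedxml) instead of the stdlib one.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    expected_entity = f"https://{flow_domain}/saml/sp"
    expected_slo = f"https://{flow_domain}/saml/slo"
    if root.get("entityID") != expected_entity:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {expected_entity!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no md:SPSSODescriptor element"]
    slo = [e.get("Location") or "" for e in sp.findall("md:SingleLogoutService", NS)]
    if expected_slo not in slo:
        problems.append(f"SLO endpoint {expected_slo!r} is not advertised")
    problems += [f"SLO endpoint {loc!r} is not HTTPS" for loc in slo
                 if not loc.startswith("https://")]
    # A KeyDescriptor without a use attribute serves signing and encryption.
    uses = {k.get("use") for k in sp.findall("md:KeyDescriptor", NS)}
    if not uses & {"encryption", None}:
        problems.append("no encryption key: the IdP cannot encrypt assertions")
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_METADATA, "flow.example.org"))
```

Run it against the metadata your IdP actually imported to catch a stale copy after a configuration change in the Flow UI.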