Security Assertion Markup Language (SAML)

The SAML login provider uses SAML to authenticate users from any SAML-compatible identity provider (IdP), such as Shibboleth. Studo Flow supports both signed and encrypted assertions. New users can be created "on-demand" at login if they are not yet in the database.

Getting the service provider (SP) entityId and metadata (SP EntityDescriptor XML)

When the SAML login provider is enabled, the SP entityId is always:

https://<YOUR_FLOW_DOMAIN>/saml/sp

Calling this URL returns the SP Metadata. Your IdP should be able to fetch the SP Metadata regularly: when the configuration of the SAML login provider is changed in the Flow UI, the changes are instantly reflected in the SP Metadata.
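
Because the IdP re-fetches this document automatically, it is worth validating each fetched copy before the IdP trusts it. The following is an added example, not Studo Flow code: it checks the entityID against the fixed pattern above, confirms the assertion consumer endpoints stay on the Flow host, and lists the signing and encryption certificates. The sample metadata, the domain flow.example.org, the /saml/acs path and the certificate placeholders are constructed assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (not real Flow output): ACS path and certificate bodies are placeholders.
SAMPLE_METADATA = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://flow.example.org/saml/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER+SIGNING+CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER+ENCRYPTION+CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://flow.example.org/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_bytes, flow_domain):
    """Validate fetched SP metadata; return a summary dict or raise ValueError."""
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not md:EntityDescriptor")
    # The page states the entityId is always https://<YOUR_FLOW_DOMAIN>/saml/sp.
    expected = "https://%s/saml/sp" % flow_domain
    if root.get("entityID") != expected:
        raise ValueError("unexpected entityID: %r" % root.get("entityID"))
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor")
    # Assertions are delivered to the ACS URLs, so each must stay on the Flow host.
    acs = [e.get("Location") or "" for e in sp.findall("md:AssertionConsumerService", NS)]
    if not acs or any(not u.startswith("https://%s/" % flow_domain) for u in acs):
        raise ValueError("missing or off-domain AssertionConsumerService: %r" % acs)
    # Group certificates by declared use; a KeyDescriptor without 'use' serves both.
    keys = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            keys.setdefault(kd.get("use", "both"), []).append("".join(cert.text.split()))
    return {"entity_id": expected, "acs": acs, "keys": keys}
```

Comparing the returned certificates with the previously accepted copy shows when a configuration change in the Flow UI has rotated a key.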