View all questions & answers for the FCP - FortiAuthenticator 6.5 Administrator Exam Materials exam


Question 7 Discussion

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion? (Choose one answer)

  • A. Service provider contacts identity provider, identity provider validates principal for service provider, service provider establishes communication with principal
  • B. Principal contacts identity provider and authenticates, identity provider relays principal to service provider after valid authentication
  • C. Principal contacts service provider, service provider redirects principal to identity provider; after successful authentication identity provider redirects principal to service provider
  • D. Principal contacts identity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identity provider
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Juan Diego Ruiz 2025-04-15 22:18:21

Selected Answers: C


Now, you will learn about the SAML packet flow for a non-authenticated principal that is trying to access resources.
1. The principal tries to access resources on SP1.
2. SP1 requests SAML assertion.
3. The principal replies that it does not have SAML assertion for SP1.
4. SP1 instructs the principal to redirect to the SAML IdP for authentication.
5. The principal contacts the IdP and requests SAML assertion for SP1.
6. The IdP asks the principal whether it has SAML authentication assertion for the contacted IdP.
7. The principal replies that it does not have an authentication assertion for the IdP.
8. The IdP then presents the principal with a login portal.
9. The principal logs in with their credentials.
10. The IdP validates the credentials and updates its database with the login event.
11. Once the principal is successfully authenticated, the IdP provides it with SAML authentication assertion and attributes the assertion for SP1.
12. The principal is redirected to the SP1 resources that it originally requested.
13. SP1 receives the SAML assertion for SP1, and authorizes the principal to access the resources.
The principal can continue to access resources on SP1, without having to log in again, until the SAML authentication cookie expires, or the user closes the web session, or the user triggers a log out.
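
The SP-initiated flow in answer C, modelled as a small simulation. This is an added example, not part of the comment above or of any Fortinet material. The class and function names, the JSON assertion body and the HMAC signature are assumptions standing in for real SAML XML and XML-DSig; the point is the checks SP1 applies before it authorizes the principal in step 13.

```python
import hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)    # assumption: HMAC key standing in for the IdP signing certificate
USERS = {"alice": "correct horse"}   # constructed credential store

class IdP:
    def __init__(self):
        self.sessions, self.log = set(), []   # live IdP sessions, login events (step 10)
    def handle(self, authn_request, user, password=None):
        if user not in self.sessions:         # steps 6-9: no IdP session, so the login portal is shown
            if user not in USERS or USERS[user] != password:
                return None
            self.sessions.add(user)
            self.log.append(("login", user))
        body = json.dumps({"sub": user, "aud": authn_request["issuer"],
                           "in_response_to": authn_request["id"], "exp": time.time() + 300})
        sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}     # step 11: assertion issued for the requesting SP

class SP:
    def __init__(self, name):
        self.name, self.pending, self.sessions = name, set(), {}
    def request(self, cookie):
        if cookie in self.sessions:           # existing SP session: no IdP round trip
            return ("resource", self.sessions[cookie])
        req = {"id": secrets.token_hex(8), "issuer": self.name}
        self.pending.add(req["id"])
        return ("redirect_to_idp", req)       # steps 2-4
    def consume(self, assertion):             # step 13: validate before authorizing
        expect = hmac.new(IDP_KEY, assertion["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, assertion["sig"]):
            return None                       # not signed by the trusted IdP
        a = json.loads(assertion["body"])
        if a["aud"] != self.name or a["exp"] < time.time():
            return None                       # issued for another SP, or expired
        if a["in_response_to"] not in self.pending:
            return None                       # unsolicited or replayed assertion
        self.pending.discard(a["in_response_to"])
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = a["sub"]
        return cookie

def sso_flow(sp, idp, user, password=None):
    _, req = sp.request(None)                     # step 1: principal arrives with no SP session
    assertion = idp.handle(req, user, password)   # steps 5-11
    return sp.consume(assertion) if assertion else None   # steps 12-13
```
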