...
Embedded in this redirect message is a SAML authentication request message. This message is compressed (to save space in the URL) and encoded (because some characters are not allowed in URLs). Aside from the encoding and compression, the SAML message could look like this (simplified):
| Code Block | ||||
|---|---|---|---|---|
| ||||
<AuthnRequest ID="kfcn...lfki" Version="2.0" IssueInstant="2013-02-05T08:28:50Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="google.com" AssertionConsumerServiceURL="https://www.google.com/a/uni.nl/acs" > <Issuer>google.com</Issuer> <NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" /> </AuthnRequest> |
In plain English, this message more or less reads "this is a request from Google. Please authenticate the user sending this message, and send the result back to Google".
...