Informatica web applications and the identity provider exchange authentication information to enable SAML authentication in an Informatica domain.
The following steps describe the basic SAML authentication flow:
1. A user accesses an Informatica web application.
2. On the application login page, the user selects the security domain that contains the LDAP user accounts used for SAML authentication, and then clicks the login button. If the user selects the native security domain instead, the user enters a user name and password and logs in to the application directly.
3. Based on the identity provider configuration, the user is prompted for the credentials required for first-time authentication.
4. The identity provider validates the user's credentials and creates a session for the user.
5. The identity provider also validates the target web application URL, and then redirects the user to the web application with a SAML token that contains the user's identity information.
6. The application validates the SAML token and the user identity information, creates a user session, and then completes the user login process.
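The token validation in the last step, shown as an added example that is not Informatica's code: the checks a service provider (the web application) applies to a SAML Response after a library has verified the XML signature over the assertion. The entity IDs, the ACS URL and the sample response are constructed for the example; a real deployment takes them from the exchanged metadata.

```python
# Added example, not Informatica's code. Assumes the XML signature covering the
# Assertion has already been verified against the IdP certificate; these are the
# checks that bind the signed token to THIS application, request and time window.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"   # constructed
ACS_URL = "https://sp.example.com/saml/acs"             # constructed
IDP_ENTITY_ID = "https://idp.example.com/saml/idp"      # constructed

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
  xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0" Destination="{ACS_URL}"
  InResponseTo="_req42" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="_req42"
          NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion></samlp:Response>"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, expected_request_id, now):
    """Return the authenticated NameID, or raise ValueError naming the failed check."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != ACS_URL:                 # token aimed at this URL
        raise ValueError("Destination does not match this application")
    if root.get("InResponseTo") != expected_request_id:    # tied to our pending request
        raise ValueError("InResponseTo does not match the pending request")
    a = root.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion missing or issued by an unexpected IdP")
    cond = a.find("saml:Conditions", NS)
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [e.text for e in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion not intended for this application")
    scd = a.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or now >= parse_ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation invalid for this recipient or time")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

Only after every check passes does the application create the user session; a failure of any one of them is logged with its reason and the login is refused.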
The existing user session in the browser is used for subsequent authentication. To access another Informatica web application configured to use SAML authentication, the user selects the LDAP security domain on the application login page. The user does not need to supply a user name or password.
The user remains logged in to all Informatica web applications that are running in the same browser session. However, if the user logs out of an Informatica web application, the user is also logged out of other Informatica web applications running in the same browser session.