Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
A . Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal
B. Principal contacts idendity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identify provider
C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider
D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

View Answer

Answer: C

Explanation:

SP-initiated SSO SAML packet flow for a host without a SAML assertion is as follows:

Principal contacts service provider, requesting access to a protected resource.

Service provider redirects principal to identity provider, sending a SAML authentication request.

Principal authenticates with identity provider using their credentials.

After successful authentication, identity provider redirects principal back to service provider, sending a SAML response with a SAML assertion containing the principal’s attributes.

Service provider validates the SAML response and assertion, and grants access to the principal.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/saml-service-provider#sp-initiated-sso