Description
Kudos for creating this project.
Apologies if this request seems unreasonable!
Is it possible you would be able to provide a rough description (perhaps a wiki page?) of the interactions that take place when you click the "saml2" login button on the website - in terms of HTTP requests / responses / redirects? For example, does the server make a synchronous request to sustainsys and await a response with the assertion (I am guessing not...)? I'm just wondering how sustainsys is able to post the assertion back to the site that is running on localhost - or does this happen with a cookie / URL parameter that it sets and then does a response redirect from sustainsys back to localhost?
In addition to that, a description of anything that is stored in temporary session / state whilst the process is ongoing (i.e. if anything is cached in memory or on disk - so we know if the process doesn't complete, what happens to this state - does it expire from the cache etc.?)
P.S. Many thanks for creating this, it looks awesome. I'm only experimenting with SAML at this stage (I have an OAuth background and now a user story has appeared on my company's backlog involving SAML, so I thought I'd get a head start on some research!)