SAML Authentication

Use SAML authentication to authenticate a user through a configured external identity provider (IdP). The IdP handles authentication of the user and returns a SAML assertion to StoreFront asserting the identity of the authenticated user. Typically the SAML assertion contains one or more statements including, but not limited to: the user's identity, the method by which the user was authenticated, and when the authentication took place.

To initiate the authentication process using SAML, the client should make a request to the Generic Forms URL returned by Authentication/GetAuthMethods to obtain the first request in a series of requests.

Upon successful authentication, the IdP will generate a SAMLResponse, which should be directed back to StoreFront, where it will be processed. Once StoreFront has successfully validated the assertion, the user is authenticated and granted access to protected resources.
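The following added example (not part of the StoreFront documentation or Citrix code) decodes a base64 SAMLResponse and reports the statements described above: the user's identity, the authentication method, and when authentication happened, plus the assertion's validity window and audience. Element names come from SAML 2.0; the sample response, issuer, user and audience values are constructed, and the function name is hypothetical. It performs no signature validation, so it is suitable for troubleshooting only, never for an access decision.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample response; every value is a placeholder.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://storefront.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-01-01T09:59:58Z">
      <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T10:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def inspect_saml_response(b64_response, now, audience):
    """Report the statements in a SAMLResponse. `now` must be timezone-aware."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # none (or encrypted) or several: stop and investigate
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    cond = a.find("saml:Conditions", NS)
    stmt = a.find("saml:AuthnStatement", NS)
    if cond is None or stmt is None:
        raise ValueError("assertion lacks Conditions or AuthnStatement")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    return {
        "identity": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "method": stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS),
        "when": _ts(stmt.get("AuthnInstant")),
        "issuer": a.findtext("saml:Issuer", namespaces=NS),
        "in_validity_window": _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")),
        "audience_ok": audience in audiences,
    }
```

An assertion outside its validity window or addressed to a different audience is a common cause of rejected logons and is worth checking before looking at signing certificates.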

[Figure: StoreFront SAML authentication flow sequence diagram]

| URL (indicative only) | Description |
| --- | --- |
| ExplicitAuth/Login?formsProtocol=Forms-Saml | Requests the form that details how the request should be constructed to transfer the user to the Identity Provider for authentication. The URL is returned by /Authentication/GetAuthMethods. |
| /ExplicitAuth/Bounce | Initiates the processing of the SAML assertion received from the Identity Provider. When authentication has been performed at the IdP, this request will be made automatically by StoreFront. If the SAML assertion has been obtained manually, the client will have to make this request. This URL is returned by /Home/Configuration. |
| /ExplicitAuth/ResumeForms | Instructs StoreFront to process the SAML assertion received from the Identity Provider and continues the authentication flow. When authentication has been performed at the IdP, this request will be made automatically by StoreFront. If the SAML assertion has been obtained manually, the client will have to make this request. This URL is returned by /Home/Configuration. |