
I am able to see the SAML requests and responses in the server log. In an SP-initiated SSO, I am able to see the SAML authentication request in the SP server log, and the SAML Assertion response in the IDP server log.

How do I know if the SAML Assertion generated by the ID is received by SP? Are there any ways to check that on the SP side? If so, please let me know.

Thanks, aswini J


1 Answers


There's a Request ID in the AuthnRequest that is logged in the PF server.log. If you receive a SAMLResponse at the SP (in this case PF) that is the result of your SP-Init SSO and it contains an InResponseTo attribute/ID, it must match the Request ID that was generated by the server per the SAML 2.0 specification.

PF will automatically enforce the SAML 2.0 processing rules so you don't have to worry about it. If the SAMLResponse is successfully validated, you can configure PF to map the user's identity attributes into an SP Adapter which will help you with your last-mile integration in your application.

I would suggest following up with your Ping Identity RSA who can help you answer some of these core functionality questions.
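
The correlation described in the answer above can be checked by hand on two messages copied out of the logs. The following is an added example, not part of the original answer and not PingFederate code; the sample XML, IDs and the `correlate` function name are constructed for illustration. It is a troubleshooting aid only: it does not verify signatures, conditions or audience, which the SP itself enforces.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample messages; every ID and timestamp here is made up.
AUTHN_REQUEST = """<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_req-1234" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>"""

SAML_RESPONSE = """<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp-1"
  Version="2.0" IssueInstant="2024-01-01T00:00:05Z" InResponseTo="_req-1234">
  <samlp:Status><samlp:StatusCode
    Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a-1" Version="2.0" IssueInstant="2024-01-01T00:00:05Z">
    <saml:Subject><saml:SubjectConfirmation
        Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req-1234"/>
    </saml:SubjectConfirmation></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def correlate(authn_request_xml, response_xml):
    """Return a list of problems; an empty list means the Response
    answers this AuthnRequest and reports Success (SP-initiated flow)."""
    request_id = ET.fromstring(authn_request_xml).get("ID")
    resp = ET.fromstring(response_xml)
    problems = []
    # Response-level InResponseTo must equal the AuthnRequest ID.
    irt = resp.get("InResponseTo")
    if irt is None:
        problems.append("Response has no InResponseTo (unsolicited)")
    elif irt != request_id:
        problems.append(f"Response InResponseTo {irt!r} != {request_id!r}")
    # A non-Success status means no usable assertion was delivered.
    status = resp.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("StatusCode is missing or not Success")
    # SubjectConfirmationData carries its own InResponseTo; check it too.
    for scd in resp.findall(".//saml:SubjectConfirmationData", NS):
        if scd.get("InResponseTo") != request_id:
            problems.append("SubjectConfirmationData InResponseTo mismatch")
    return problems


if __name__ == "__main__":
    print(correlate(AUTHN_REQUEST, SAML_RESPONSE) or "response matches request")
```
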