SAML authentication requires a
service provider
(the
firewall or Panorama), which controls access to applications, and
an
identity provider
(IdP) such as PingFederate, which
authenticates users. When a user requests a service or application,
the firewall or Panorama intercepts the request and redirects the
user to the IdP for authentication. The IdP then authenticates the
user and returns a
SAML assertion
, which indicates
authentication succeeded or failed.
SAML
Authentication for Captive Portal End Users illustrates SAML
authentication for an end user who accesses applications through
Captive Portal.