Products | Versions |
---|---|
TIBCO Cloud | - |
In TIBCO Cloud, for SAML authentication, we support only SP-initiated login: TIBCO, acting as the Service Provider, sends the authentication request to the IdP, which then responds with the SAML assertion.
IdP-initiated login is not supported. It is inherently vulnerable because it allows impersonation by whoever intercepts the SAML assertion. The benefits of an IdP-initiated flow are a bookmarkable URL and bypassing our prompts. The /xidp flow documented here gives users both: https://account.cloud.tibco.com/cloud/docs/index.html#accounts/manageldap/enterprise_sso.html
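As an added illustration (not TIBCO's code), the Python example below shows how a service provider can tie each SAML response to an AuthnRequest it issued and reject unsolicited, IdP-initiated responses. `RequestTracker`, `check_solicited` and `sample_response` are hypothetical names, the sample XML is constructed, and signature validation is assumed to have been done before this check.

```python
import secrets
import xml.etree.ElementTree as ET  # production: use a hardened parser such as defusedxml

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


class RequestTracker:
    """Hypothetical store of AuthnRequest IDs this SP issued; each is usable once."""

    def __init__(self):
        self._pending = set()

    def new_request_id(self):
        rid = "_" + secrets.token_hex(16)
        self._pending.add(rid)
        return rid

    def consume(self, rid):
        known = rid in self._pending
        self._pending.discard(rid)
        return known


def check_solicited(response_xml, tracker):
    """Return (ok, reason). Assumes the XML signature was already verified."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return False, "not a samlp:Response"
    rid = root.get("InResponseTo")
    if not rid:
        return False, "unsolicited response (IdP-initiated)"
    # Every SubjectConfirmationData must point at the same request ID.
    scd = root.findall(".//saml:SubjectConfirmationData", {"saml": SAML})
    if not scd or any(d.get("InResponseTo") != rid for d in scd):
        return False, "SubjectConfirmationData does not match request"
    if not tracker.consume(rid):
        return False, "unknown or already used request ID"
    return True, "ok"


def sample_response(in_response_to):
    """Constructed sample; a real response is signed and carries more fields."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"{attr}>'
            "<saml:Assertion><saml:Subject><saml:SubjectConfirmation>"
            f"<saml:SubjectConfirmationData{attr}/>"
            "</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
            "</samlp:Response>")
```

Because each request ID is consumed on first use, a captured response replayed later fails the same check as one that never had a matching request.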