Amazon.com, Inc.
Single sign-on techniques

Abstract:

Systems and methods are described herein for providing single sign-on capabilities. In some embodiments, an intermediate endpoint of a service provider receives, from a user device, an http_post message including security data provided by an identity provider. In some embodiments, the intermediate endpoint retrieves relay state data specific to the identity provider and transmits the security data and the relay state data to the user device. The user device then transmits the security data and relay state data to an authentication endpoint of the service provider. The authentication endpoint verifies that the SAML response indicated the user was authenticated by an identity provider. A URL may be retrieved from the relay state data and the user device's web browser is redirected to the URL to provide access to one or more services of the service provider.