Skip Navigation

Web Single Sign-On

Sabre provides web based Single Sign-On mechanism between SR360/Sabre Red Web and 3rd party Service Providers.

SSO authentication flow

There are two types of SSO authentication flow:

  • Service Provider initiated

  • Identity Provider initiated

Sabre SSO supports authentication flow initialized by the Identity Provider (which in this case is Sabre).

High level flow overwiew

The high-level SSO authentication flow looks like this:

web based sso flow
  1. The browser initiates the flow by opening the URL which was created as a result of SSO configuration.

  2. Identity Provider performs user authentication. This step is performed only when necessary.

  3. Identity Provider returns a self-submitting form containing a SAML assertion.

  4. In the browser, the form is submitted and the assertion is being posted to the Service Provider URL specified during SSO configuration.

  5. The Service Provider validates the SAML assertion and creates a security context in case of successful validation.

  6. The client has access to protected resources.

Assertion Validation

Information about available ways to validate SAML assertions can be found here.

Sample implementation

See the com.sabre.redapp.example3.web.sso sample for implementation.