NSE 6 – FortiAuthenticator 6.1 — Question 15

Which option correctly describes an SP-Initiated SSO SAMI packet flow for a host without a SAML assertion?

Answer options

• A. Service provider contacts identity provider, identity provider validates principal for service provider, service provider establishes communication with principal
• B. Principal contacts service provider, service provider redirects principal to identity provider, after successful authentication identity provider redirects principal to service provider
• C. Principal contacts identity provider and authenticates, identity provider relays principal to service provider after valid authentication
• D. Principal contacts identity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with Identity provider

Correct answer: B

Explanation

Option B is correct because it accurately outlines the flow where the principal initiates contact with the service provider, which then redirects them to the identity provider for authentication. The other options misrepresent the flow by either reversing the order of interactions or incorrectly stating the roles of the service provider and identity provider in the authentication process.