NSE 6 – FortiAuthenticator 6.4 — Question 2
Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
Answer options
- A. Principal contacts service provider, service provider redirects principal to identity provider, after successful authentication identity provider redirects principal to service provider.
- B. Principal contacts identity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identity provider.
- C. Principal contacts identity provider and authenticates, identity provider relays principal to service provider after valid authentication.
- D. Service provider contacts identity provider, identity provider validates principal for service provider, service provider establishes communication with principal.
Correct answer: A
Explanation
Option A is correct because it accurately describes the SP-initiated flow: the principal first contacts the service provider, the service provider redirects the principal to the identity provider for authentication, and after successful authentication the identity provider redirects the principal back to the service provider. The other options misrepresent the roles and the order of communication, for example by having the principal connect directly to the identity provider or the service provider without the proper redirection sequence.