For SP-initiated flow, generate an AuthnRequest with a unique ID and timestamp, embed the RelayState with the intended post-login destination URL, and redirect or POST to the IdP SSO endpoint.
The IdP authenticates the user and returns a SAMLResponse to the SP's Assertion Consumer Service URL; the SP validates signatures, NotBefore/NotOnOrAfter conditions, and the InResponseTo attribute to tie the response to your request.
For IdP-initiated flow no AuthnRequest exists; the SP receives an unsolicited SAMLResponse and must validate it without an InResponseTo match — implement an allowlist of permitted IdP-initiated RelayState values to prevent open-redirect attacks.
Always validate that the Destination attribute in the response matches your ACS URL and that the Issuer matches the registered IdP entity ID.
Prevent assertion replay by storing and checking the assertion ID against a short-lived cache (at minimum for the assertion validity window).
Return the user to the RelayState URL only after full validation; sanitize it to only permit relative paths or explicitly allowlisted absolute URLs.
Known gotchas
IdP-initiated flows have no InResponseTo to validate, making them inherently more vulnerable to CSRF and assertion replay; many security frameworks recommend disabling IdP-initiated SSO entirely if not required.
RelayState values are not signed in the SAML spec and can be tampered with in transit; treat them as untrusted input and validate against an allowlist or a server-side nonce map.
NotOnOrAfter clock skew between SP and IdP (even a few minutes) causes valid assertions to be rejected; ensure NTP sync and implement a small configurable clock skew tolerance.
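The following Python sketch is an added example, not code from the original page or from any SAML library. It walks the SP-initiated and IdP-initiated checks described above and the three gotchas just listed: InResponseTo correlation against server-side state, a RelayState allowlist and relative-path filter, NotBefore/NotOnOrAfter checks with a configurable skew tolerance, and an assertion-ID replay cache. The entity IDs, ACS/SSO URLs, allowlist, fixed clock (`NOW`, `at()`) and the unsigned sample response are all constructed for the demo, and the `signature_verified` flag stands in for XML-DSig verification that a real SP would perform first with an XML signature library (assumed, not implemented here).

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP/IdP configuration, constructed for this example.
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/saml/acs"
IDP_ENTITY_ID = "https://idp.example.test/metadata"
IDP_SSO_URL = "https://idp.example.test/sso"
DASHBOARD = "https://app.example.test/dashboard"
RELAY_ALLOWLIST = {DASHBOARD}        # absolute URLs a RelayState may name
CLOCK_SKEW = timedelta(minutes=2)    # tolerated SP/IdP clock drift
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed "current time" for the demo

def at(minutes):
    return NOW + timedelta(minutes=minutes)

class SamlError(Exception):
    pass

def _iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse_iso(s):  # SAML xs:dateTime in UTC; fractional seconds ignored
    return datetime.strptime(s.rstrip("Z").split(".")[0], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

class SpState:
    def __init__(self):
        self.pending = {}          # AuthnRequest ID -> RelayState we sent with it
        self.seen_assertions = {}  # assertion ID -> NotOnOrAfter (replay cache)

def build_authn_request(state, relay_state, now):
    """SP-initiated flow: unique ID and timestamp; the RelayState is also recorded server-side."""
    req_id = "_" + uuid.uuid4().hex
    state.pending[req_id] = relay_state
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{req_id}" Version="2.0" '
           f'IssueInstant="{_iso(now)}" Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    return req_id, xml  # caller encodes `xml` per the chosen binding and sends it to IDP_SSO_URL with RelayState

def safe_redirect_target(relay_state):
    """RelayState is unsigned: permit only relative paths or allowlisted absolute URLs."""
    if not relay_state:
        return "/"
    if relay_state in RELAY_ALLOWLIST:
        return relay_state
    p = urlparse(relay_state)
    if relay_state.startswith("/") and not relay_state.startswith(("//", "/\\")) and not (p.scheme or p.netloc):
        return relay_state
    raise SamlError("RelayState not permitted")

def validate_response(state, response_xml, relay_state, now, signature_verified, idp_initiated=False):
    """`signature_verified` is the result of XML-DSig verification done first by an XML signature library (assumed)."""
    if not signature_verified:
        raise SamlError("signature verification failed")
    root = ET.fromstring(response_xml)  # production code: hardened parser, external entities disabled
    if root.tag != f"{{{SAMLP}}}Response" or root.get("Destination") != SP_ACS_URL:
        raise SamlError("not a Response addressed to our ACS URL")
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise SamlError("unexpected Issuer")
    if (sc := root.find("samlp:Status/samlp:StatusCode", NS)) is None or sc.get("Value") != SUCCESS:
        raise SamlError("non-success status")
    if idp_initiated:
        # Unsolicited: nothing to correlate via InResponseTo, so RelayState must be on the allowlist.
        if relay_state not in RELAY_ALLOWLIST:
            raise SamlError("IdP-initiated RelayState not allowlisted")
    elif state.pending.pop(root.get("InResponseTo"), object()) != relay_state:
        raise SamlError("InResponseTo/RelayState do not match an outstanding request")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or (cond := assertion.find("saml:Conditions", NS)) is None:
        raise SamlError("missing Assertion or Conditions")
    not_before, not_on_or_after = _parse_iso(cond.get("NotBefore")), _parse_iso(cond.get("NotOnOrAfter"))
    if now + CLOCK_SKEW < not_before or now - CLOCK_SKEW >= not_on_or_after:
        raise SamlError("assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise SamlError("audience mismatch")
    # Replay protection: keep assertion IDs until they could no longer be accepted anyway.
    state.seen_assertions = {a: e for a, e in state.seen_assertions.items() if now - CLOCK_SKEW < e}
    if assertion.get("ID") in state.seen_assertions:
        raise SamlError("assertion replayed")
    state.seen_assertions[assertion.get("ID")] = not_on_or_after
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS), safe_redirect_target(relay_state)

def make_sample_response(assertion_id, now, in_response_to=None):
    """Constructed, unsigned IdP response used only to exercise the validator (5-minute validity)."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r{assertion_id}" Version="2.0" '
            f'IssueInstant="{_iso(now)}" Destination="{SP_ACS_URL}"{irt}><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
            f'<saml:Assertion ID="{assertion_id}" Version="2.0" IssueInstant="{_iso(now)}">'
            f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotBefore="{_iso(now)}" NotOnOrAfter="{_iso(now + timedelta(minutes=5))}">'
            f'<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions></saml:Assertion></samlp:Response>')
```

Two design points worth noting. In the SP-initiated branch the RelayState is never trusted from the wire: the value the IdP echoes back is compared with the copy stored under the AuthnRequest ID, and the pending entry is consumed on first use so a second delivery of the same response fails the InResponseTo check. In the IdP-initiated branch there is no such record, so only allowlisted absolute URLs are accepted, and the replay cache keyed by assertion ID is what stops the same unsolicited assertion from being presented twice; entries are kept until NotOnOrAfter plus the skew tolerance, at which point the validity check would reject the assertion anyway.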