RDCP flow


Your application initiates the flow by calling us, the SP, with the provided link. The message sent between the two systems is called an assertion. The assertion contains the user's email address together with the HCC_ID, which we need to create a user session. It is cryptographically signed, so Roche, as SP, can trust that it came from you, the expected IdP, and not from anyone else.


Step by step:


1 - The user clicks the provided link to access the Roche Hosted Application (RDCP)

2 - Our server looks at the requested IdP name and initiates the SAML protocol

3 - Our server issues and sends a SAML authentication request to the IdP

4 - You, as IdP, authenticate the user, parse the SAML request and generate an encoded SAML response

5 - We, as SP, verify the user's SAML response, perform HCC validation, grant application access and redirect the user into the application (HCP Portal).
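As an added example (not Roche's or the RDCP project's own code), the following Python shows the checks the SP side of step 5 has to make on a SAML response once its XML signature has been verified by a proper XML-DSig library: the response answers our own request, the assertion comes from the configured IdP, it is still within its validity window, it is addressed to this SP, and it actually carries the email and HCC_ID the session needs. The issuer, SP entity ID, request ID and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml in production for hardened parsing
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (hypothetical issuer, SP entity ID and request ID).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" InResponseTo="_req123">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>jane.doe@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test/rdcp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="HCC_ID"><saml:AttributeValue>HCC-0001</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def _ts(s):
    """Parse a SAML UTC timestamp; a missing timestamp is a validation failure."""
    if not s:
        raise ValueError("missing timestamp in Conditions")
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, expected_issuer, sp_entity_id, request_id, now_utc):
    """Checks the SP must make after XML-DSig verification; raises ValueError on failure."""
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != request_id:  # reject unsolicited or replayed responses
        raise ValueError("InResponseTo does not match the outstanding AuthnRequest")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no Assertion")
    issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:  # only the configured IdP may assert identities
        raise ValueError("unexpected issuer: %r" % issuer)
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= _ts(now_utc) < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion missing Conditions or outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:  # an assertion minted for another SP must not log in here
        raise ValueError("assertion not addressed to this SP")
    email = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    if not email or not attrs.get("HCC_ID"):  # both are needed to create the session
        raise ValueError("email or HCC_ID missing from assertion")
    return {"email": email, "hcc_id": attrs["HCC_ID"]}
```

The InResponseTo check only helps if the SP also stores each issued request ID and discards it after one use, so the same response cannot be replayed.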


(Figure: flow-saml)


Interaction Diagram:


(Figure: diagram-saml)


What happens when the user clicks on the link?


(Figure: federated-sso)