I am trying to understand the SSO concept.
In the paper at this link, http://lersse-dl.ece.ubc.ca/record/285/files/websso_usability_journal.pdf
on page 7, Figure 1a, I see a flow in which the client starts the initiation via the IDP, is redirected to the IDP, and authentication is done.
1) At this point, has the authentication been done?
2) And why is there another redirection to RP (4)?
My other questions are about https://en.wikipedia.org/wiki/SAML_2.0#Web_Browser_SSO_Profile
in the section Web Browser SSO Profile:
3) I couldn't differentiate the order in sections between SP POST Request; IdP POST Response and SP Redirect Artifact; IdP Redirect Artifact. Can you explain?
4) And, compared to question 3 above, does RP represent SP?
5) And finally, is SSO authentication always ordered as Client->IDP->SP? Or can this order be changed?