I have a couple of questions on SP and IdP initiated SSO.
With IdP-initiated SSO does my www.application.com URL point to the IdP server? If it points to the actual application how does IdP actually work?
For SP-initiated SSO, is authentication enforced by an application security layer, e.g. something developer has to introduce? Can it be implemented on Web Server layer or proxy in front of web server?
Thanks!
With IdP-initiated SSO the user visits a URL at the IdP, authenticates and is forwarded to your application.
For your second question, all the mentioned alternatives are possible. It is possible to enforce it in the application using OpenSAML or Spring SAML.
It is possible to do it on some application servers, e.g. WebSphere.
It's possible to use separate software acting as a proxy, e.g. OpenAM or Shibboleth.
There are pros and cons with all of them, but that is too deep a discussion for this question.
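As an added illustration (not part of the answer above), here is a simplified SP-side sketch in Python showing how the two flows differ at the application's assertion consumer endpoint: an SP-initiated login is tied to an AuthnRequest ID the SP remembers and checks via InResponseTo, while an IdP-initiated one arrives unsolicited. The class, method and URL names are assumptions, and XML parsing and signature verification are deliberately left out.

```python
import secrets
import time


class ServiceProvider:
    """Simplified SP-side logic for SAML SSO (no XML parsing or signature checks).

    The `response` dicts below stand in for an already signature-verified SAML Response.
    """

    def __init__(self, acs_url, allow_idp_initiated=False, ttl=300):
        self.acs_url = acs_url                        # hypothetical ACS endpoint of www.application.com
        self.allow_idp_initiated = allow_idp_initiated
        self.ttl = ttl                                # seconds an AuthnRequest stays valid
        self.pending = {}                             # AuthnRequest ID -> (issued_at, target path)

    def start_sp_initiated(self, target_path, now=None):
        """The app, app server or proxy found no session: issue an AuthnRequest ID and remember it."""
        now = time.time() if now is None else now
        request_id = "_" + secrets.token_hex(16)
        self.pending[request_id] = (now, target_path)
        # The user is redirected to the IdP carrying these values.
        return {"ID": request_id, "AssertionConsumerServiceURL": self.acs_url, "RelayState": target_path}

    def consume_response(self, response, now=None):
        """Handle a Response at the ACS URL; return the path to send the user to, or None to reject."""
        now = time.time() if now is None else now
        if response.get("Destination") != self.acs_url:
            return None                               # response was meant for a different endpoint
        in_response_to = response.get("InResponseTo")
        if in_response_to is None:
            # IdP-initiated: the IdP chose the target, nothing on our side asked for it.
            if not self.allow_idp_initiated:
                return None
            return _safe_path(response.get("RelayState"))
        pending = self.pending.pop(in_response_to, None)  # one-shot: blocks replay of the same ID
        if pending is None:
            return None                               # unknown ID, or already consumed
        issued_at, target_path = pending
        if now - issued_at > self.ttl:
            return None                               # AuthnRequest expired
        return target_path


def _safe_path(relay_state):
    """Only accept local paths from RelayState so the ACS cannot be used as an open redirect."""
    if relay_state and relay_state.startswith("/") and not relay_state.startswith("//"):
        return relay_state
    return "/"
```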