Participants: User, AM SAML v2.0 Service Provider, SAML v2.0 Identity Provider

1. Initiate authentication
2. Execute any modules in the authentication chain that precede the SAML2 module
3. Execute the SAML2 authentication module

SAML2 authentication module starts

4. Request assertion

If the user needs to authenticate to the IdP:

5. Request credentials
6. Provide credentials
7. Authentication successful

8. Return assertion
9. Attempt to access user by searching for persistent name ID (in SP data store)

If the name ID for the user is not found on the SP:

[If dynamic profile creation and auto-federation are enabled]

10. Create the user on the SP, including the persistent name ID in the user profile

[If dynamic profile creation and auto-federation are not enabled, and if a linking chain exists, and if the name ID format is persistent]

11. Invoke the linking chain to authenticate the user on the SP
12. Write the persistent name ID in the user profile

SAML2 authentication module is complete

13. Execute remaining authentication modules in the authentication chain
14. Authentication complete
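
The SP-side decision in steps 9 to 12 of the flow above, as an added example that is not AM's own code. `SpConfig`, `SpStore`, `resolve_user`, the `uid` attribute mapping and the final rejection branch are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# NameID format URI defined by the SAML 2.0 core specification.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

@dataclass
class SpConfig:                      # hypothetical settings object
    dynamic_profile_creation: bool = False
    auto_federation: bool = False
    # Hypothetical linking chain: authenticates the user locally and
    # returns the local username, or None if that authentication fails.
    linking_chain: Optional[Callable[[], Optional[str]]] = None

@dataclass
class SpStore:                       # stand-in for the SP data store
    name_ids: dict = field(default_factory=dict)   # persistent name ID -> username

def resolve_user(assertion: dict, cfg: SpConfig, store: SpStore):
    """Return (username, path), or (None, "rejected") if no branch applies."""
    name_id, fmt = assertion["name_id"], assertion["format"]
    # Step 9: search the SP data store for the persistent name ID.
    user = store.name_ids.get(name_id)
    if user is not None:
        return user, "found"
    # Step 10: create the user, including the name ID in the new profile.
    if cfg.dynamic_profile_creation and cfg.auto_federation:
        user = assertion["attributes"]["uid"]       # assumed attribute mapping
        store.name_ids[name_id] = user
        return user, "created"
    # Steps 11-12: the user must authenticate on the SP before the name ID
    # is written to the profile.
    if cfg.linking_chain is not None and fmt == PERSISTENT:
        user = cfg.linking_chain()
        if user is not None:
            store.name_ids[name_id] = user
            return user, "linked"
    # Assumption: the diagram shows no other branch, so this example rejects.
    return None, "rejected"

# Constructed sample assertion fields (not taken from a real IdP).
SAMPLE = {"name_id": "constructed-name-id-01", "format": PERSISTENT,
          "attributes": {"uid": "demo"}}
```

In the linking branch the name ID is written only after the local authentication returns a user, so a failed linking chain leaves the SP data store unchanged.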