[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”]<\/p>
ForgeRock helps the end user authenticate when they try to access a service provider.<\/p>\n
ForgeRock is what the service provider needs to connect with the identity provider and make sure the user is who they say they are.<\/p>\n
Once the end user sends in the request, the identity provider takes over and verifies the user inside ForgeRock.<\/p>\n
ForgeRock makes a SAML assertion after the user has been successfully authenticated.<\/p>\n
I want to point this out because the assertion is just XML-based statements that give information about the user’s profile and the level of authentication that was done.<\/p>\n
You can see these XML statements being passed between systems when you test this flow inside ForgeRock.<\/p>\n
<\/p>\n
When the SAML assertion goes back to the service provider and the request is verified, ForgeRock finishes the trust loop.<\/p>\n
We call it a “circle of trust” because both the identity provider and the service provider depend on ForgeRock to keep the authentication flow safe.<\/p>\n
You can set up ForgeRock to work with as many identity providers and service providers as you need.<\/p>\n
I can set up one ForgeRock identity provider for internal use and another ForgeRock identity provider for outside organizations to use.<\/p>\n
When you work in the Federation part of ForgeRock, you’ll see that the platform calls these parts federated identities.<\/p>\n
ForgeRock lets you use the same identity to log in to both internal and external apps. This is called cross-domain single sign-on.<\/p>\n
I make entity providers in the ForgeRock interface by giving them an entity ID and deciding if they should be an identity provider or a service provider.<\/p>\n
With ForgeRock, you have full control over naming, aliasing, and setting up metadata.<\/p>\n
This flexibility helps students see how ForgeRock organizes authentication parts behind the scenes.<\/p>\n
In ForgeRock circle of trust always start by making an identity provider and a service provider.<\/p>\n
ForgeRock lets me connect the two pieces in a single circle of trust once they are both there.<\/p>\n
<\/video><\/p>\nI name the circle and turn it on. Then, ForgeRock sees it as a formal trust relationship between systems.<\/p>\nThe circle of trust inside ForgeRock has a list of identity and service providers that talk to each other.<\/p>\nThe trust relationship starts as soon as I add the ForgeRock identity provider and service provider to the circle.<\/p>\nThis is the part that students often like the most because it makes the idea of trust very real.<\/p>\nI also show how ForgeRock shows the meta alias for both service providers and identity providers.<\/p>\nWhen we do a live SAML test, these meta aliases become very important.<\/p>\nThey help ForgeRock route requests correctly, making sure that authentication requests go to the right endpoint.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#0095f2″ background_color_gradient_end=”#7dbed8″ background_color_gradient_direction=”92deg” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”73%|62%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” link_option_url=”https:\/\/cloudfoundation.com\/” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/SS_436-_Converted_-1.png” title_text=”SS_436 _Converted_ 1″ _builder_version=”4.9.7″ _module_preset=”default” transform_scale=”114%|112%” transform_scale_linked=”off” transform_translate=”25px|-4px” transform_translate_linked=”off” width=”98.1%” custom_margin=”|7px|||false|false”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”21px” header_letter_spacing=”-1px” header_line_height=”2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/”]<\/p>\nForgeRock Training<\/span><\/h1>\n[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/” url_new_window=”on” button_text=”Explore Course Content” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#0C71C3″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” title_text=”logo_resize_color” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”]<\/p>\n<\/span>ForgeRock SAML Flow for End Users<\/span><\/h2>\nI always start with the end user when I talk about SAML flow in ForgeRock.<\/p>\nThe end user is the person who tries to use a browser to get to an app.<\/p>\nThe user clicks on the URL in their browser, which starts the whole ForgeRock authentication process.<\/p>\nIn this process, the identity provider handles user authentication and sends ForgeRock the SAML assertions it needs.<\/p>\nThe application sends the user to the identity provider as soon as they try to log in for the first time.<\/p>\nThis redirect has the request for SAML authentication.<\/p>\nWhen ForgeRock AM gets this request, it checks the user’s identity and gets the artifact ID and assertion ready in XML format.<\/p>\n<\/span>ForgeRock Assertion Creation and Artifact ID Handling<\/span><\/h2>\nForgeRock sends back the artifact ID after it checks the user.<\/p>\nThe assertion is in this artifact ID, and the user’s browser sends this information to the service provider again.<\/p>\nThe service provider gets the ForgeRock artifact ID and checks right away to see if the identity provider really gave it to them.<\/p>\nForgeRock checks the session by verifying the artifact ID.<\/p>\n<\/p>\nThis makes sure that the assertion really comes from the correct identity provider.<\/p>\nThe service provider gives the user permission once the artifact ID has been checked.<\/p>\nThe user can finally get to the app now.<\/p>\nThe service provider and ForgeRock talk to each other a lot, but the user only sees a smooth login process.<\/p>\n<\/span>ForgeRock SAML Flow for End Users<\/span><\/h2>\nI always start with the end user when I talk about SAML flow in ForgeRock.<\/p>\nThe end user is the person who tries to use a browser to get to an app.<\/p>\nThe user clicks on the URL in their browser, which starts the whole ForgeRock authentication process.<\/p>\nIn this process, the identity provider handles user authentication and sends ForgeRock the SAML assertions it needs.<\/p>\nThe application sends the user to the identity provider as soon as they try to log in for the first time.<\/p>\nThis redirect has the request for SAML authentication.<\/p>\nWhen ForgeRock AM gets this request, it checks the user’s identity and gets the artifact ID and assertion ready in XML format.<\/p>\n<\/span>ForgeRock Assertion Creation and Artifact ID Handling<\/span><\/h2>\nForgeRock sends back the artifact ID after it checks the user.<\/p>\nThe assertion is in this artifact ID, and the user’s browser sends this information to the service provider again.<\/p>\nThe service provider gets the ForgeRock artifact ID and checks right away to see if the identity provider really gave it to them.<\/p>\nForgeRock checks the session by verifying the artifact ID.<\/p>\n<\/video><\/p>\nThis makes sure that the assertion really comes from the correct identity provider.<\/p>\nThe service provider gives the user permission once the artifact ID has been checked.<\/p>\nThe user can finally get to the app now.<\/p>\nThe service provider and ForgeRock talk to each other a lot, but the user only sees a smooth login process.<\/p>\n<\/span>ForgeRock Service Provider Processing<\/span><\/h2>\nInside a real ForgeRock service provider configuration, you will notice the Assertion Consumer Service section.<\/p>\nThis service is responsible for consuming the SAML assertion sent by the ForgeRock identity provider.<\/p>\nThere are several artifact bindings in ForgeRock, including HTTP-Artifact and HTTP-POST.<\/p>\nArtifact binding keeps user information hidden, while POST binding sends the ForgeRock SAML assertion to the client.<\/p>\nWhen we make a SAML app, I show both bindings so that students can clearly see the difference.<\/p>\n<\/span>ForgeRock Signing, Encryption, and Algorithms<\/span><\/h2>\nForgeRock gives you a lot of ways to sign and encrypt requests and responses.<\/p>\nClients sometimes want the authentication request to be signed with a certain certificate.<\/p>\nIn these cases, I show you how to set up ForgeRock AM to use the client’s certificate to sign the SAML request.<\/p>\nYou can also sign the ForgeRock assertion before you send it to the service provider.<\/p>\nThese settings are not required, but a lot of projects use them to make things safer.<\/p>\nForgeRock also lets you encrypt attributes or the whole assertion, and it gives you a choice of algorithms.<\/p>\nInside a real ForgeRock service provider configuration, you will notice the Assertion Consumer Service section.<\/p>\nThis service is responsible for consuming the SAML assertion sent by the ForgeRock identity provider.<\/p>\nThere are several artifact bindings in ForgeRock, including HTTP-Artifact and HTTP-POST.<\/p>\nArtifact binding keeps user information hidden, while POST binding sends the ForgeRock SAML assertion to the client.<\/p>\nWhen we make a SAML app, I show both bindings so that students can clearly see the difference.<\/p>\n<\/span>ForgeRock Signing, Encryption, and Algorithms<\/span><\/h2>\nForgeRock gives you a lot of ways to sign and encrypt requests and responses.<\/p>\nClients sometimes want the authentication request to be signed with a certain certificate.<\/p>\nIn these cases, I show you how to set up ForgeRock AM to use the client’s certificate to sign the SAML request.<\/p>\nYou can also sign the ForgeRock assertion before you send it to the service provider.<\/p>\nThese settings are not required, but a lot of projects use them to make things safer.<\/p>\nForgeRock also lets you encrypt attributes or the whole assertion, and it gives you a choice of algorithms.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#ff8c7c” background_color_gradient_end=”#e5ba4e” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|69%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” custom_margin=”||-5px||false|false” custom_padding=”|||2px|false|false” link_option_url=”https:\/\/cloudfoundation.com” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/8423118_3895895.png” title_text=”8423118_3895895″ _builder_version=”4.9.7″ _module_preset=”default” width=”85.4%” custom_margin=”-31px||-24px||false|false” custom_padding=”|22px|0px||false|false”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/”]<\/p>\nForgeRock Online Training<\/span><\/h1>\n[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/” url_new_window=”on” button_text=”Up Coming Batches” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#E09900″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off” background_layout=”dark”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” title_text=”logo_resize_color” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”]<\/p>\n<\/span>ForgeRock Name ID Formats and User Identity Handling<\/span><\/h2>\nWhen I talk about Name ID formats in ForgeRock, I explain how the service figures out which identity to use for authentication.<\/p>\nYou can set up ForgeRock to verify users’ identities using an email address, a temporary ID, a permanent ID, or even an unknown ID.<\/p>\nYou can change the Name ID list in ForgeRock to fit the needs of your client.<\/p>\nThe Name ID affects how users are mapped between the service provider and the ForgeRock identity provider.<\/p>\nThese facts give them the confidence they need to make real-world ForgeRock SAML integrations.<\/p>\n<\/span>ForgeRock Authentication Basics<\/span><\/h2>\nAs we look at different authentication contexts, I talk about how Kerberos works in Windows SSO and how ForgeRock works in enterprise login flows.<\/p>\nWhen you sign in to your computer and automatically open several programs, that smooth transition is similar to what we later create with ForgeRock authentication journeys.<\/p>\nWhen you use a direct username-password check, ForgeRock shows you how basic authentication works.<\/p>\nYou can turn it on or leave it as is, depending on your project.<\/p>\n<\/p>\nWe can control how the user’s identity moves through the flow when we combine ForgeRock with other authentication modules.<\/p>\nThis is even more important when we start mapping assertions from identity providers outside of our own.<\/p>\n<\/span>ForgeRock Assertion Mapping in Practice<\/span><\/h2>\nWhen you work with ForgeRock, knowing what these fields mean can help you fix problems that come up when you set up federation.<\/p>\nI often show you a sample SAML response so you can see how the identity provider sends data to the service provider.<\/p>\nWhen we bring ForgeRock into the picture, you learn how the platform consumes the name ID, sometimes an email, sometimes a user ID.<\/p>\nYou\u2019ll also see how ForgeRock uses the account mapper and the auto-federation key to match incoming identities with internal accounts.<\/p>\n<\/span>ForgeRock and IDP-Initiated vs SP-Initiated Flow<\/span><\/h2>\nIf the user goes straight to the identity provider in ForgeRock, the IDP takes over and starts the whole authentication process.<\/p>\nI always say it simply: in an IDP-initiated flow, the user first touches the IDP, and ForgeRock takes care of the SAML process from there.<\/p>\nIn an SP-initiated flow, the user tries to access the app first. If there is no active session, ForgeRock sends them to the IDP to verify their identity.<\/p>\n<\/span>ForgeRock and Service Tab Configuration<\/span><\/h2>\nI point out the meta alias path in the services tab of ForgeRock because we use it a lot.<\/p>\nForgeRock uses a lot of aliases, and having them on hand helps avoid confusion later when building or testing SAML URLs.<\/p>\n<\/span>ForgeRock and Adjusting Meta Alias URLs<\/span><\/h2>\nWe don’t use the default alias, which is \/IDP.<\/p>\nInstead, we use a custom path, like \/contractor\/ForgeRock.<\/p>\n<\/video><\/p>\nI also tell you to make sure the SP entity ID is exactly the same as it is in ForgeRock so that testing doesn’t break anything.<\/p>\n<\/span>ForgeRock and Testing the SAML Request<\/span><\/h2>\nAfter setting it up, try the URL.<\/p>\nThey you can see the request leave the browser and go to ForgeRock right away if their SAML Tracer is turned on.<\/p>\nUse Incognito mode to check if their SAML Tracer can see data from private windows.<\/p>\nIt helps them fix things without cached sessions.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#494fff” background_color_gradient_end=”#9ea6ff” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|71%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/Untitled-11.png” _builder_version=”4.9.7″ _module_preset=”default” transform_scale=”103%|103%” transform_scale_linked=”off” transform_translate=”11px|0px” transform_translate_linked=”off” custom_padding=”|88px||||”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_text_color=”#FFFFFF” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”]<\/p>\nForgeRock Course Price<\/strong><\/span><\/h1>\n[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” button_text=”Offer Price” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#0C71C3″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_team_member name=”Nishitha” position=”Author” image_url=”http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2026\/01\/Nishitha.png” _builder_version=”4.9.7″ header_level=”h5″ header_font=”Titillium Web|700|||||||” body_font=”Titillium Web||||||||” body_font_size=”16″ hover_enabled=”0″ title_text=”Nishitha” sticky_enabled=”0″]<\/p>\nA mind once stretched by a new idea never returns to its original dimensions.<\/p>\n[\/et_pb_team_member][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]<\/p>\n","protected":false},"author":7,"featured_media":107344,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"2880","footnotes":""},"categories":[228],"tags":[],"class_list":{"0":"post-107326","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-forgerock"},"yoast_head":"\nForgeRock Online Course on SAML Authentication<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ForgeRock Online Course on SAML Authentication\" \/>\n<meta property=\"og:description\" content=\"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"CloudFoundation | Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-15T05:50:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-19T11:58:35+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"NAGENDRAG\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"NAGENDRAG\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ForgeRock Online Course on SAML Authentication","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","og_locale":"en_US","og_type":"article","og_title":"ForgeRock Online Course on SAML Authentication","og_description":"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]","og_url":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","og_site_name":"CloudFoundation | Blog","article_published_time":"2025-12-15T05:50:11+00:00","article_modified_time":"2026-01-19T11:58:35+00:00","og_image":[{"width":500,"height":500,"url":"http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","type":"image\/jpeg"}],"author":"NAGENDRAG","twitter_card":"summary_large_image","twitter_misc":{"Written by":"NAGENDRAG","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","url":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","name":"ForgeRock Online Course on SAML Authentication","isPartOf":{"@id":"https:\/\/cloudfoundation.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage"},"image":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","datePublished":"2025-12-15T05:50:11+00:00","dateModified":"2026-01-19T11:58:35+00:00","author":{"@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/df6c7eba98f1bb15f2a100a9958266e4"},"breadcrumb":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage","url":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","contentUrl":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","width":500,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudfoundation.com\/blog\/"},{"@type":"ListItem","position":2,"name":"ForgeRock Online Course on SAML Authentication"}]},{"@type":"WebSite","@id":"https:\/\/cloudfoundation.com\/blog\/#website","url":"https:\/\/cloudfoundation.com\/blog\/","name":"CloudFoundation | Blog","description":"A New way of Learning","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudfoundation.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/df6c7eba98f1bb15f2a100a9958266e4","name":"NAGENDRAG","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09e08ba1102807a876f2c00245d6b955f0a9f027b40c181e9cee0cd2d927f84a?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09e08ba1102807a876f2c00245d6b955f0a9f027b40c181e9cee0cd2d927f84a?s=96&d=wavatar&r=g","caption":"NAGENDRAG"},"url":"https:\/\/cloudfoundation.com\/blog\/author\/nagendrag\/"}]}},"_links":{"self":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/comments?post=107326"}],"version-history":[{"count":9,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326\/revisions"}],"predecessor-version":[{"id":108162,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326\/revisions\/108162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/media\/107344"}],"wp:attachment":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/media?parent=107326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/categories?post=107326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/tags?post=107326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
I name the circle and turn it on. Then, ForgeRock sees it as a formal trust relationship between systems.<\/p>\n
The circle of trust inside ForgeRock has a list of identity and service providers that talk to each other.<\/p>\n
The trust relationship starts as soon as I add the ForgeRock identity provider and service provider to the circle.<\/p>\n
This is the part that students often like the most because it makes the idea of trust very real.<\/p>\n
I also show how ForgeRock shows the meta alias for both service providers and identity providers.<\/p>\n
When we do a live SAML test, these meta aliases become very important.<\/p>\n
They help ForgeRock route requests correctly, making sure that authentication requests go to the right endpoint.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#0095f2″ background_color_gradient_end=”#7dbed8″ background_color_gradient_direction=”92deg” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”73%|62%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” link_option_url=”https:\/\/cloudfoundation.com\/” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/SS_436-_Converted_-1.png” title_text=”SS_436 _Converted_ 1″ _builder_version=”4.9.7″ _module_preset=”default” transform_scale=”114%|112%” transform_scale_linked=”off” transform_translate=”25px|-4px” transform_translate_linked=”off” width=”98.1%” custom_margin=”|7px|||false|false”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”21px” header_letter_spacing=”-1px” header_line_height=”2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/”]<\/p>\n
[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/” url_new_window=”on” button_text=”Explore Course Content” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#0C71C3″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” title_text=”logo_resize_color” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”]<\/p>\n
I always start with the end user when I talk about SAML flow in ForgeRock.<\/p>\n
The end user is the person who tries to use a browser to get to an app.<\/p>\n
The user clicks on the URL in their browser, which starts the whole ForgeRock authentication process.<\/p>\n
In this process, the identity provider handles user authentication and sends ForgeRock the SAML assertions it needs.<\/p>\n
The application sends the user to the identity provider as soon as they try to log in for the first time.<\/p>\n
This redirect has the request for SAML authentication.<\/p>\n
When ForgeRock AM gets this request, it checks the user’s identity and gets the artifact ID and assertion ready in XML format.<\/p>\n
ForgeRock sends back the artifact ID after it checks the user.<\/p>\n
The assertion is in this artifact ID, and the user’s browser sends this information to the service provider again.<\/p>\n
The service provider gets the ForgeRock artifact ID and checks right away to see if the identity provider really gave it to them.<\/p>\n
ForgeRock checks the session by verifying the artifact ID.<\/p>\n
This makes sure that the assertion really comes from the correct identity provider.<\/p>\n
The service provider gives the user permission once the artifact ID has been checked.<\/p>\n
The user can finally get to the app now.<\/p>\n
The service provider and ForgeRock talk to each other a lot, but the user only sees a smooth login process.<\/p>\n
<\/video><\/p>\nThis makes sure that the assertion really comes from the correct identity provider.<\/p>\nThe service provider gives the user permission once the artifact ID has been checked.<\/p>\nThe user can finally get to the app now.<\/p>\nThe service provider and ForgeRock talk to each other a lot, but the user only sees a smooth login process.<\/p>\n<\/span>ForgeRock Service Provider Processing<\/span><\/h2>\nInside a real ForgeRock service provider configuration, you will notice the Assertion Consumer Service section.<\/p>\nThis service is responsible for consuming the SAML assertion sent by the ForgeRock identity provider.<\/p>\nThere are several artifact bindings in ForgeRock, including HTTP-Artifact and HTTP-POST.<\/p>\nArtifact binding keeps user information hidden, while POST binding sends the ForgeRock SAML assertion to the client.<\/p>\nWhen we make a SAML app, I show both bindings so that students can clearly see the difference.<\/p>\n<\/span>ForgeRock Signing, Encryption, and Algorithms<\/span><\/h2>\nForgeRock gives you a lot of ways to sign and encrypt requests and responses.<\/p>\nClients sometimes want the authentication request to be signed with a certain certificate.<\/p>\nIn these cases, I show you how to set up ForgeRock AM to use the client’s certificate to sign the SAML request.<\/p>\nYou can also sign the ForgeRock assertion before you send it to the service provider.<\/p>\nThese settings are not required, but a lot of projects use them to make things safer.<\/p>\nForgeRock also lets you encrypt attributes or the whole assertion, and it gives you a choice of algorithms.<\/p>\nInside a real ForgeRock service provider configuration, you will notice the Assertion Consumer Service section.<\/p>\nThis service is responsible for consuming the SAML assertion sent by the ForgeRock identity provider.<\/p>\nThere are several artifact bindings in ForgeRock, including HTTP-Artifact and HTTP-POST.<\/p>\nArtifact binding keeps user information hidden, while POST binding sends the ForgeRock SAML assertion to the client.<\/p>\nWhen we make a SAML app, I show both bindings so that students can clearly see the difference.<\/p>\n<\/span>ForgeRock Signing, Encryption, and Algorithms<\/span><\/h2>\nForgeRock gives you a lot of ways to sign and encrypt requests and responses.<\/p>\nClients sometimes want the authentication request to be signed with a certain certificate.<\/p>\nIn these cases, I show you how to set up ForgeRock AM to use the client’s certificate to sign the SAML request.<\/p>\nYou can also sign the ForgeRock assertion before you send it to the service provider.<\/p>\nThese settings are not required, but a lot of projects use them to make things safer.<\/p>\nForgeRock also lets you encrypt attributes or the whole assertion, and it gives you a choice of algorithms.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#ff8c7c” background_color_gradient_end=”#e5ba4e” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|69%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” custom_margin=”||-5px||false|false” custom_padding=”|||2px|false|false” link_option_url=”https:\/\/cloudfoundation.com” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/8423118_3895895.png” title_text=”8423118_3895895″ _builder_version=”4.9.7″ _module_preset=”default” width=”85.4%” custom_margin=”-31px||-24px||false|false” custom_padding=”|22px|0px||false|false”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/”]<\/p>\nForgeRock Online Training<\/span><\/h1>\n[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/” url_new_window=”on” button_text=”Up Coming Batches” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#E09900″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off” background_layout=”dark”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” title_text=”logo_resize_color” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”]<\/p>\n<\/span>ForgeRock Name ID Formats and User Identity Handling<\/span><\/h2>\nWhen I talk about Name ID formats in ForgeRock, I explain how the service figures out which identity to use for authentication.<\/p>\nYou can set up ForgeRock to verify users’ identities using an email address, a temporary ID, a permanent ID, or even an unknown ID.<\/p>\nYou can change the Name ID list in ForgeRock to fit the needs of your client.<\/p>\nThe Name ID affects how users are mapped between the service provider and the ForgeRock identity provider.<\/p>\nThese facts give them the confidence they need to make real-world ForgeRock SAML integrations.<\/p>\n<\/span>ForgeRock Authentication Basics<\/span><\/h2>\nAs we look at different authentication contexts, I talk about how Kerberos works in Windows SSO and how ForgeRock works in enterprise login flows.<\/p>\nWhen you sign in to your computer and automatically open several programs, that smooth transition is similar to what we later create with ForgeRock authentication journeys.<\/p>\nWhen you use a direct username-password check, ForgeRock shows you how basic authentication works.<\/p>\nYou can turn it on or leave it as is, depending on your project.<\/p>\n<\/p>\nWe can control how the user’s identity moves through the flow when we combine ForgeRock with other authentication modules.<\/p>\nThis is even more important when we start mapping assertions from identity providers outside of our own.<\/p>\n<\/span>ForgeRock Assertion Mapping in Practice<\/span><\/h2>\nWhen you work with ForgeRock, knowing what these fields mean can help you fix problems that come up when you set up federation.<\/p>\nI often show you a sample SAML response so you can see how the identity provider sends data to the service provider.<\/p>\nWhen we bring ForgeRock into the picture, you learn how the platform consumes the name ID, sometimes an email, sometimes a user ID.<\/p>\nYou\u2019ll also see how ForgeRock uses the account mapper and the auto-federation key to match incoming identities with internal accounts.<\/p>\n<\/span>ForgeRock and IDP-Initiated vs SP-Initiated Flow<\/span><\/h2>\nIf the user goes straight to the identity provider in ForgeRock, the IDP takes over and starts the whole authentication process.<\/p>\nI always say it simply: in an IDP-initiated flow, the user first touches the IDP, and ForgeRock takes care of the SAML process from there.<\/p>\nIn an SP-initiated flow, the user tries to access the app first. If there is no active session, ForgeRock sends them to the IDP to verify their identity.<\/p>\n<\/span>ForgeRock and Service Tab Configuration<\/span><\/h2>\nI point out the meta alias path in the services tab of ForgeRock because we use it a lot.<\/p>\nForgeRock uses a lot of aliases, and having them on hand helps avoid confusion later when building or testing SAML URLs.<\/p>\n<\/span>ForgeRock and Adjusting Meta Alias URLs<\/span><\/h2>\nWe don’t use the default alias, which is \/IDP.<\/p>\nInstead, we use a custom path, like \/contractor\/ForgeRock.<\/p>\n<\/video><\/p>\nI also tell you to make sure the SP entity ID is exactly the same as it is in ForgeRock so that testing doesn’t break anything.<\/p>\n<\/span>ForgeRock and Testing the SAML Request<\/span><\/h2>\nAfter setting it up, try the URL.<\/p>\nThey you can see the request leave the browser and go to ForgeRock right away if their SAML Tracer is turned on.<\/p>\nUse Incognito mode to check if their SAML Tracer can see data from private windows.<\/p>\nIt helps them fix things without cached sessions.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#494fff” background_color_gradient_end=”#9ea6ff” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|71%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/Untitled-11.png” _builder_version=”4.9.7″ _module_preset=”default” transform_scale=”103%|103%” transform_scale_linked=”off” transform_translate=”11px|0px” transform_translate_linked=”off” custom_padding=”|88px||||”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_text_color=”#FFFFFF” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”]<\/p>\nForgeRock Course Price<\/strong><\/span><\/h1>\n[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” button_text=”Offer Price” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#0C71C3″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_team_member name=”Nishitha” position=”Author” image_url=”http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2026\/01\/Nishitha.png” _builder_version=”4.9.7″ header_level=”h5″ header_font=”Titillium Web|700|||||||” body_font=”Titillium Web||||||||” body_font_size=”16″ hover_enabled=”0″ title_text=”Nishitha” sticky_enabled=”0″]<\/p>\nA mind once stretched by a new idea never returns to its original dimensions.<\/p>\n[\/et_pb_team_member][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]<\/p>\n","protected":false},"author":7,"featured_media":107344,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"2880","footnotes":""},"categories":[228],"tags":[],"class_list":{"0":"post-107326","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-forgerock"},"yoast_head":"\nForgeRock Online Course on SAML Authentication<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ForgeRock Online Course on SAML Authentication\" \/>\n<meta property=\"og:description\" content=\"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"CloudFoundation | Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-15T05:50:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-19T11:58:35+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"NAGENDRAG\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"NAGENDRAG\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ForgeRock Online Course on SAML Authentication","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","og_locale":"en_US","og_type":"article","og_title":"ForgeRock Online Course on SAML Authentication","og_description":"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]","og_url":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","og_site_name":"CloudFoundation | Blog","article_published_time":"2025-12-15T05:50:11+00:00","article_modified_time":"2026-01-19T11:58:35+00:00","og_image":[{"width":500,"height":500,"url":"http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","type":"image\/jpeg"}],"author":"NAGENDRAG","twitter_card":"summary_large_image","twitter_misc":{"Written by":"NAGENDRAG","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","url":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","name":"ForgeRock Online Course on SAML Authentication","isPartOf":{"@id":"https:\/\/cloudfoundation.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage"},"image":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","datePublished":"2025-12-15T05:50:11+00:00","dateModified":"2026-01-19T11:58:35+00:00","author":{"@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/df6c7eba98f1bb15f2a100a9958266e4"},"breadcrumb":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage","url":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","contentUrl":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","width":500,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudfoundation.com\/blog\/"},{"@type":"ListItem","position":2,"name":"ForgeRock Online Course on SAML Authentication"}]},{"@type":"WebSite","@id":"https:\/\/cloudfoundation.com\/blog\/#website","url":"https:\/\/cloudfoundation.com\/blog\/","name":"CloudFoundation | Blog","description":"A New way of Learning","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudfoundation.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/df6c7eba98f1bb15f2a100a9958266e4","name":"NAGENDRAG","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09e08ba1102807a876f2c00245d6b955f0a9f027b40c181e9cee0cd2d927f84a?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09e08ba1102807a876f2c00245d6b955f0a9f027b40c181e9cee0cd2d927f84a?s=96&d=wavatar&r=g","caption":"NAGENDRAG"},"url":"https:\/\/cloudfoundation.com\/blog\/author\/nagendrag\/"}]}},"_links":{"self":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/comments?post=107326"}],"version-history":[{"count":9,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326\/revisions"}],"predecessor-version":[{"id":108162,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326\/revisions\/108162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/media\/107344"}],"wp:attachment":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/media?parent=107326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/categories?post=107326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/tags?post=107326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Inside a real ForgeRock service provider configuration, you will notice the Assertion Consumer Service section.<\/p>\n
This service is responsible for consuming the SAML assertion sent by the ForgeRock identity provider.<\/p>\n
There are several artifact bindings in ForgeRock, including HTTP-Artifact and HTTP-POST.<\/p>\n
Artifact binding keeps user information hidden, while POST binding sends the ForgeRock SAML assertion to the client.<\/p>\n
When we make a SAML app, I show both bindings so that students can clearly see the difference.<\/p>\n
ForgeRock gives you a lot of ways to sign and encrypt requests and responses.<\/p>\n
Clients sometimes want the authentication request to be signed with a certain certificate.<\/p>\n
In these cases, I show you how to set up ForgeRock AM to use the client’s certificate to sign the SAML request.<\/p>\n
You can also sign the ForgeRock assertion before you send it to the service provider.<\/p>\n
These settings are not required, but a lot of projects use them to make things safer.<\/p>\n
ForgeRock also lets you encrypt attributes or the whole assertion, and it gives you a choice of algorithms.<\/p>\n
ForgeRock also lets you encrypt attributes or the whole assertion, and it gives you a choice of algorithms.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#ff8c7c” background_color_gradient_end=”#e5ba4e” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|69%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” custom_margin=”||-5px||false|false” custom_padding=”|||2px|false|false” link_option_url=”https:\/\/cloudfoundation.com” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/8423118_3895895.png” title_text=”8423118_3895895″ _builder_version=”4.9.7″ _module_preset=”default” width=”85.4%” custom_margin=”-31px||-24px||false|false” custom_padding=”|22px|0px||false|false”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/”]<\/p>\n
[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/sap-global-trade-services-course\/” url_new_window=”on” button_text=”Up Coming Batches” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#E09900″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off” background_layout=”dark”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” title_text=”logo_resize_color” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”]<\/p>\n
When I talk about Name ID formats in ForgeRock, I explain how the service figures out which identity to use for authentication.<\/p>\n
You can set up ForgeRock to verify users’ identities using an email address, a temporary ID, a permanent ID, or even an unknown ID.<\/p>\n
You can change the Name ID list in ForgeRock to fit the needs of your client.<\/p>\n
The Name ID affects how users are mapped between the service provider and the ForgeRock identity provider.<\/p>\n
These facts give them the confidence they need to make real-world ForgeRock SAML integrations.<\/p>\n
As we look at different authentication contexts, I talk about how Kerberos works in Windows SSO and how ForgeRock works in enterprise login flows.<\/p>\n
When you sign in to your computer and automatically open several programs, that smooth transition is similar to what we later create with ForgeRock authentication journeys.<\/p>\n
When you use a direct username-password check, ForgeRock shows you how basic authentication works.<\/p>\n
You can turn it on or leave it as is, depending on your project.<\/p>\n
We can control how the user’s identity moves through the flow when we combine ForgeRock with other authentication modules.<\/p>\n
This is even more important when we start mapping assertions from identity providers outside of our own.<\/p>\n
When you work with ForgeRock, knowing what these fields mean can help you fix problems that come up when you set up federation.<\/p>\n
I often show you a sample SAML response so you can see how the identity provider sends data to the service provider.<\/p>\n
When we bring ForgeRock into the picture, you learn how the platform consumes the name ID, sometimes an email, sometimes a user ID.<\/p>\n
You\u2019ll also see how ForgeRock uses the account mapper and the auto-federation key to match incoming identities with internal accounts.<\/p>\n
If the user goes straight to the identity provider in ForgeRock, the IDP takes over and starts the whole authentication process.<\/p>\n
I always say it simply: in an IDP-initiated flow, the user first touches the IDP, and ForgeRock takes care of the SAML process from there.<\/p>\n
In an SP-initiated flow, the user tries to access the app first. If there is no active session, ForgeRock sends them to the IDP to verify their identity.<\/p>\n
I point out the meta alias path in the services tab of ForgeRock because we use it a lot.<\/p>\n
ForgeRock uses a lot of aliases, and having them on hand helps avoid confusion later when building or testing SAML URLs.<\/p>\n
We don’t use the default alias, which is \/IDP.<\/p>\n
Instead, we use a custom path, like \/contractor\/ForgeRock.<\/p>\n
<\/video><\/p>\nI also tell you to make sure the SP entity ID is exactly the same as it is in ForgeRock so that testing doesn’t break anything.<\/p>\n<\/span>ForgeRock and Testing the SAML Request<\/span><\/h2>\nAfter setting it up, try the URL.<\/p>\nThey you can see the request leave the browser and go to ForgeRock right away if their SAML Tracer is turned on.<\/p>\nUse Incognito mode to check if their SAML Tracer can see data from private windows.<\/p>\nIt helps them fix things without cached sessions.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#494fff” background_color_gradient_end=”#9ea6ff” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|71%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/Untitled-11.png” _builder_version=”4.9.7″ _module_preset=”default” transform_scale=”103%|103%” transform_scale_linked=”off” transform_translate=”11px|0px” transform_translate_linked=”off” custom_padding=”|88px||||”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_text_color=”#FFFFFF” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”]<\/p>\nForgeRock Course Price<\/strong><\/span><\/h1>\n[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” button_text=”Offer Price” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#0C71C3″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_team_member name=”Nishitha” position=”Author” image_url=”http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2026\/01\/Nishitha.png” _builder_version=”4.9.7″ header_level=”h5″ header_font=”Titillium Web|700|||||||” body_font=”Titillium Web||||||||” body_font_size=”16″ hover_enabled=”0″ title_text=”Nishitha” sticky_enabled=”0″]<\/p>\nA mind once stretched by a new idea never returns to its original dimensions.<\/p>\n[\/et_pb_team_member][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]<\/p>\n","protected":false},"author":7,"featured_media":107344,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"2880","footnotes":""},"categories":[228],"tags":[],"class_list":{"0":"post-107326","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-forgerock"},"yoast_head":"\nForgeRock Online Course on SAML Authentication<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ForgeRock Online Course on SAML Authentication\" \/>\n<meta property=\"og:description\" content=\"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"CloudFoundation | Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-15T05:50:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-19T11:58:35+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"NAGENDRAG\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"NAGENDRAG\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ForgeRock Online Course on SAML Authentication","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","og_locale":"en_US","og_type":"article","og_title":"ForgeRock Online Course on SAML Authentication","og_description":"[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]","og_url":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","og_site_name":"CloudFoundation | Blog","article_published_time":"2025-12-15T05:50:11+00:00","article_modified_time":"2026-01-19T11:58:35+00:00","og_image":[{"width":500,"height":500,"url":"http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","type":"image\/jpeg"}],"author":"NAGENDRAG","twitter_card":"summary_large_image","twitter_misc":{"Written by":"NAGENDRAG","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","url":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/","name":"ForgeRock Online Course on SAML Authentication","isPartOf":{"@id":"https:\/\/cloudfoundation.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage"},"image":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","datePublished":"2025-12-15T05:50:11+00:00","dateModified":"2026-01-19T11:58:35+00:00","author":{"@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/df6c7eba98f1bb15f2a100a9958266e4"},"breadcrumb":{"@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#primaryimage","url":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","contentUrl":"https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2025\/12\/forgerock..jpg","width":500,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/cloudfoundation.com\/blog\/forgerock-online-course-on-saml-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudfoundation.com\/blog\/"},{"@type":"ListItem","position":2,"name":"ForgeRock Online Course on SAML Authentication"}]},{"@type":"WebSite","@id":"https:\/\/cloudfoundation.com\/blog\/#website","url":"https:\/\/cloudfoundation.com\/blog\/","name":"CloudFoundation | Blog","description":"A New way of Learning","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudfoundation.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/df6c7eba98f1bb15f2a100a9958266e4","name":"NAGENDRAG","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudfoundation.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09e08ba1102807a876f2c00245d6b955f0a9f027b40c181e9cee0cd2d927f84a?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09e08ba1102807a876f2c00245d6b955f0a9f027b40c181e9cee0cd2d927f84a?s=96&d=wavatar&r=g","caption":"NAGENDRAG"},"url":"https:\/\/cloudfoundation.com\/blog\/author\/nagendrag\/"}]}},"_links":{"self":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/comments?post=107326"}],"version-history":[{"count":9,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326\/revisions"}],"predecessor-version":[{"id":108162,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/posts\/107326\/revisions\/108162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/media\/107344"}],"wp:attachment":[{"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/media?parent=107326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/categories?post=107326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudfoundation.com\/blog\/wp-json\/wp\/v2\/tags?post=107326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
I also tell you to make sure the SP entity ID is exactly the same as it is in ForgeRock so that testing doesn’t break anything.<\/p>\n
After setting it up, try the URL.<\/p>\n
They you can see the request leave the browser and go to ForgeRock right away if their SAML Tracer is turned on.<\/p>\n
Use Incognito mode to check if their SAML Tracer can see data from private windows.<\/p>\n
It helps them fix things without cached sessions.[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_3,1_3,1_3″ _builder_version=”4.9.7″ _module_preset=”default” background_color=”#064399″ use_background_color_gradient=”on” background_color_gradient_start=”#494fff” background_color_gradient_end=”#9ea6ff” background_color_gradient_type=”radial” background_color_gradient_direction_radial=”top left” background_color_gradient_start_position=”35%” background_color_gradient_end_position=”80%” transform_scale=”74%|71%” transform_scale_linked=”off” transform_translate=”-53px|-50px” transform_translate_linked=”off” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2023\/06\/Untitled-11.png” _builder_version=”4.9.7″ _module_preset=”default” transform_scale=”103%|103%” transform_scale_linked=”off” transform_translate=”11px|0px” transform_translate_linked=”off” custom_padding=”|88px||||”][\/et_pb_image][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_text _builder_version=”4.9.7″ _module_preset=”default” text_font=”Georgia|700|||||||” text_text_color=”#FFFFFF” text_font_size=”23px” text_line_height=”1.3em” header_font=”Georgia|700|||||||” header_font_size=”19px” header_letter_spacing=”-1px” header_line_height=”1.2em” transform_scale=”171%|159%” transform_scale_linked=”off” transform_translate=”40px|44px” transform_translate_linked=”off” transform_origin=”70%|50%” z_index=”-161″ width=”100%” custom_margin=”|-215px||||” custom_padding=”|0px||||” link_option_url=”https:\/\/cloudfoundation.com\/blog\/” link_option_url_new_window=”on”]<\/p>\n
[\/et_pb_text][et_pb_button button_url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” button_text=”Offer Price” _builder_version=”4.9.7″ _module_preset=”default” custom_button=”on” button_text_color=”#0C71C3″ button_bg_color=”#FFFFFF” button_font=”|700|||||||” transform_translate=”64px|65px” transform_translate_linked=”off”][\/et_pb_button][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.9.7″ _module_preset=”default”][et_pb_image src=”https:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2019\/06\/logo_resize_color.png” url=”https:\/\/cloudfoundation.com\/blog\/” url_new_window=”on” _builder_version=”4.9.7″ _module_preset=”default” transform_translate=”-36px|0px” transform_translate_linked=”off” custom_margin=”|||178px||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_team_member name=”Nishitha” position=”Author” image_url=”http:\/\/cloudfoundation.com\/blog\/wp-content\/uploads\/2026\/01\/Nishitha.png” _builder_version=”4.9.7″ header_level=”h5″ header_font=”Titillium Web|700|||||||” body_font=”Titillium Web||||||||” body_font_size=”16″ hover_enabled=”0″ title_text=”Nishitha” sticky_enabled=”0″]<\/p>\n
A mind once stretched by a new idea never returns to its original dimensions.<\/p>\n
[\/et_pb_team_member][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"
[et_pb_section fb_built=”1″ _builder_version=”4.9.7″][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title meta=”off” featured_image=”off” _builder_version=”4.9.7″ title_font=”Times New Roman||||||||” title_text_align=”left” title_text_color=”#000000″ title_font_size=”47″ background_color=”RGBA(0,0,0,0)” background_enable_image=”off” custom_margin=”|||10%” title_font_size_tablet=”40″ title_font_size_phone=”35″ title_font_size_last_edited=”on|desktop”][\/et_pb_post_title][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.7″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.7″ text_font=”Georgia||||||||” text_text_color=”#000000″ text_font_size=”22px” text_line_height=”1.9em” header_2_font=”|700|||||||” header_2_font_size=”31px” max_width=”800px” max_width_last_edited=”off|phone” custom_margin=”|||10%” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”” text_font_size_phone=”” text_font_size_last_edited=”on|phone” text_line_height_last_edited=”off|phone”] ForgeRock and the Flow of SAML […]<\/p>\n","protected":false},"author":7,"featured_media":107344,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"2880","footnotes":""},"categories":[228],"tags":[],"class_list":{"0":"post-107326","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-forgerock"},"yoast_head":"\n