When a user attempts to log in to RiskVision, the browser first sends a request to the Apache server. The request is redirected to the SAML Service Provider, which will verify the authentication token against the Identity Provider (IdP). The browser will display the login page so that the login credentials can be provided to the IdP.
If the authentication is successful, the IdP will generate and redirect the SAML response to the Tomcat server through the browser and Service Provider. RiskVision will verify the user in the system and log him or her in if available. However, if a user is not available in RiskVision, he or she will first be created in RiskVision and then be logged in.