The profile workflows are built using Spring WebFlow, so it's important to understand the basics of WebFlow flows before proceeding.
Within the IdP, a profile workflow is a WebFlow flow that responds to a particular protocol profile request (e.g., SAML 2 SSO or SAML 1 Attribute Query).
The following describes the flow for each profile including the steps that make it up and what they do:
When a relying party makes a request of the identity provider, the IdP may wish to use a configuration tailored to the requester when responding. Such configurations are known as relying party configurations.
A relying party configuration (RPC) is a set of configuration options that apply to a given relying party. Every RPC contains, at least:
The profile configurations indicate whether a particular communication profile is enabled for use with the relying party, along with any special configuration options for that profile. Example communication profiles would be SAML 1 attribute queries, SAML 2 SSO requests, and ADFS v1 authentication requests.
The IdP component responsible for keeping track of the RPCs, and for selecting the appropriate one for a given request, is the Relying Party Configuration Resolver.
The RPC for a request is selected by iterating through the ordered list of registered RPCs and evaluating the current profile request context against each RPC's criteria. The first RPC whose criteria return an affirmative result is the RPC that's used for the request.
In addition, the resolver stores a special RPC that is used when the IdP deems a particular requester to be "anonymous". This usually occurs when the request does not identify the requester or the identity cannot be verified.
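
The selection rule described above, modelled in Python as an added example. It is not Shibboleth IdP code: the class names, the `shadowed` helper, the sample entity IDs, and the `None` result when nothing matches are assumptions of this sketch. It also shows why list order matters: a broad criterion registered first hides a narrower RPC behind it.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class RequestContext:
    profile: str              # e.g. "saml2-sso"
    requester: Optional[str]  # identifier claimed in the request, None if absent
    verified: bool            # True if the IdP could verify that identity

@dataclass(frozen=True)
class RPC:
    name: str
    criteria: Callable[[RequestContext], bool]
    profiles: frozenset = frozenset()  # communication profiles enabled for this RPC

class Resolver:
    def __init__(self, ordered_rpcs, anonymous_rpc):
        self.ordered_rpcs = list(ordered_rpcs)
        self.anonymous_rpc = anonymous_rpc

    def resolve(self, ctx):
        # Unidentified or unverifiable requesters get the special anonymous RPC.
        if ctx.requester is None or not ctx.verified:
            return self.anonymous_rpc
        # The first affirmative criteria wins; later RPCs are never consulted.
        for rpc in self.ordered_rpcs:
            if rpc.criteria(ctx):
                return rpc
        return None  # assumption: the text above does not describe the no-match case

    def shadowed(self, probes):
        """Names of RPCs whose criteria match a probe but that never get selected."""
        hidden = []
        for rpc in self.ordered_rpcs:
            hits = [p for p in probes if p.verified and p.requester and rpc.criteria(p)]
            if hits and all(self.resolve(p) is not rpc for p in hits):
                hidden.append(rpc.name)
        return hidden

# Constructed sample data: two service providers and three configurations.
HR, WIKI = "https://hr.example.org/sp", "https://wiki.example.org/sp"
federation = RPC("federation", lambda c: c.requester in {HR, WIKI},
                 frozenset({"saml2-sso", "saml1-attribute-query"}))
hr_app = RPC("hr-app", lambda c: c.requester == HR, frozenset({"saml2-sso"}))
anonymous = RPC("anonymous", lambda c: True)
probes = [RequestContext("saml2-sso", HR, True), RequestContext("saml2-sso", WIKI, True)]

misordered = Resolver([federation, hr_app], anonymous)  # broad rule listed first
ordered = Resolver([hr_app, federation], anonymous)     # specific rule listed first
```

Running `shadowed` over a set of known requesters after every configuration change flags an RPC whose tighter profile settings are silently bypassed by an earlier, broader entry.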