How does SSO work?

When a user attempts to gain access to a protected resource on SP, she will be redirected to SSO software solution to login.
User enters their username/password they have for SSO.
The SSO requests authentication from its internal IdP to verify user identity.
If authentication succeeds, SSO redirects the user back to the SP and passes assertions to the SP (the assertions never includes user's password).

CS280 Notes