Wellvibe, a company based in Ohio (USA), runs the Wellvibe service, a multi-purpose system that integrates various human-resources functions, such as wellness tracking and HR training and onboarding, into one website. This service uses the HR-related forms provided by the company Wellsource.


At first, Wellvibe sent the user list to Wellsource so that Wellsource knew which users had authorization to use the HR-related forms.

This model had some basic problems: it caused technical problems for Wellvibe because the user list had to be dispatched constantly, and it created problems for the users by repeatedly making them remember new username/password combinations.

Wellvibe contacted PRiSE to adapt the Wellvibe web page to use the SAML2 interface offered by Wellsource. This way, it would no longer be necessary to send the user list, and users could access the HR-related forms with the SAML2 assertion sent by Wellvibe.

End Scenario

The deployed solution was to install simpleSAMLphp, configured as an Identity Provider that understands SAML2 and connected to Wellvibe. The SAML2 assertion, which represents the digital identity of the user, is sent using the HTTP POST binding. This assertion includes the user identifier and the user's attributes, which Wellsource uses to evaluate whether the user is allowed to access the HR-related forms.

To establish the trust relationship between Wellvibe and Wellsource with SAML2 assertions, they must exchange their public keys. This exchange allows the assertions to be digitally signed and their origin to be verified.
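
One way the two simpleSAMLphp metadata files on the Identity Provider could express this setup (an added example, not the configuration PRiSE deployed). The entity ID, URLs, auth source name, key file names and attribute names are placeholders, and it assumes Wellsource signs its authentication requests.

```php
<?php
// --- metadata/saml20-idp-hosted.php (Wellvibe side, the Identity Provider) ---
$metadata['__DYNAMIC:1__'] = [
    'host' => '__DEFAULT__',
    // Signing key pair stored in simpleSAMLphp's cert/ directory.
    // File names are placeholders. The public certificate is what
    // Wellvibe hands to Wellsource so it can verify assertion signatures.
    'privatekey'  => 'idp-signing.pem',
    'certificate' => 'idp-signing.crt',
    // Hypothetical auth source (defined in config/authsources.php)
    // that authenticates users against the Wellvibe user base.
    'auth' => 'wellvibe-users',
    // Sign with RSA-SHA256 rather than a SHA-1 based algorithm.
    'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
];

// --- metadata/saml20-sp-remote.php (describes Wellsource, the Service Provider) ---
// Placeholder entity ID; the real value comes from Wellsource's SP metadata.
$metadata['https://sp.example.org/saml/metadata'] = [
    // The assertion is delivered to this endpoint over the HTTP POST binding.
    'AssertionConsumerService' => [
        [
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://sp.example.org/saml/acs', // placeholder URL
            'index'    => 0,
        ],
    ],
    // Wellsource's public certificate (base64 body, placeholder here),
    // received during the key exchange.
    'certData' => 'PLACEHOLDER_BASE64_SP_CERTIFICATE',
    // Reject authentication requests that are not signed with that certificate.
    'validate.authnrequest' => true,
    // Sign both the response envelope and the assertion inside it, so the
    // receiver can verify origin and integrity of the identity data.
    'saml20.sign.response'  => true,
    'saml20.sign.assertion' => true,
    // Release only the attributes needed for the access decision.
    // 'uid' and 'mail' are assumed attribute names.
    'authproc' => [
        50 => ['class' => 'core:AttributeLimit', 'uid', 'mail'],
    ],
];
```

On the Wellsource side, the certificate matching `idp-signing.pem` is loaded into the Service Provider's configuration so that any assertion not signed by Wellvibe's key is rejected.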