Relying Party (RP)

A service provider or application that relies on an identity provider (IdP) to authenticate and authorize users.

When a user attempts to access an RP, the RP redirects the user to an IdP, where the user is prompted to authenticate. If the authentication is successful, the IdP generates a security token or assertion that contains information about the user and their authentication status. The IdP then redirects the user back to the RP, along with the security token or assertion.

The RP can then use the security token or assertion to authorize the user and grant access to the requested resource. The security token or assertion can also contain additional information about the user, such as their identity attributes or group membership, which the RP can use to make access control decisions.

Examples of RPs include web applications, cloud services, and APIs. The RP is responsible for enforcing access control policies, and it relies on the IdP to authenticate users and provide identity information.