A service provider (SP) sends a SAML request ...
to a SAML Identity Provider (IdP) ...
and the IdP authenticates the user.
The SAML response is digitally signed ...
so the SP can verify the response is valid.