Single Sign-On

Another variant of the authentication process is Single Sign-On (SSO), which uses protocols such as Security Assertion Markup Language (SAML) or Central Authentication Service (CAS). When using SSO, the application redirects users to the identity server, relies on the identity server to perform the authentication, and is notified of the result. When using SAML, the application, which is known as the Service Provider (SP), receives a SAML assertion from the identity server, which is known as the Identity Provider (IdP), after the authentication. The SAML assertion contains information about the user that the application can trust. It usually includes the user's basic information, such as name, email address, and user ID on the IdP side. When using CAS, upon a successful authentication on the CAS server side, the application receives a service ticket once the user is redirected back to the application. The application then sends a request to the CAS server to validate that service ticket, to make sure it is valid and can be trusted. As you can see, in the Single Sign-On process, the application never has any knowledge of the user's credentials.
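The ticket validation step described above, as an added example that is not code from the book: it builds the CAS 2.0 `/serviceValidate` request URL and parses the server's XML reply, accepting the login only on an explicit success. The host names, function names, and sample responses are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"  # XML namespace of CAS 2.0 responses
CAS_NS = {"cas": CAS_URI}

class TicketRejected(Exception):
    """Raised whenever the ticket cannot be positively confirmed as valid."""

def build_validate_url(cas_base, service_url, ticket):
    # service_url must be the same URL the user was redirected back to:
    # the CAS server issues each service ticket for one specific service.
    query = urllib.parse.urlencode({"service": service_url, "ticket": ticket})
    return f"{cas_base.rstrip('/')}/serviceValidate?{query}"

def parse_validation_response(xml_text):
    """Return the authenticated user ID, or raise TicketRejected (fail closed)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise TicketRejected("DTD not allowed in validation response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise TicketRejected(f"malformed response: {exc}") from exc
    if root.tag != f"{{{CAS_URI}}}serviceResponse":
        raise TicketRejected("unexpected root element")
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise TicketRejected(failure.get("code", "UNKNOWN"))
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=CAS_NS)
    if not user or not user.strip():
        raise TicketRejected("no authenticated user in response")
    return user.strip()

# Constructed sample replies (not captured from a real CAS server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validate_url("https://cas.example.test/cas",
                             "https://app.example.test/login/cas", "ST-1-abc"))
    print(parse_validation_response(SAMPLE_SUCCESS))
```

The application should create a session only from the value `parse_validation_response` returns, and the validation request itself should go to the CAS server over HTTPS with certificate verification enabled.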
