Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between parties – typically an identity provider (IdP) and a service provider. A standard SAML integration never passes the user’s password to the service provider; it relies on a trust relationship between the two parties, and only an assertion of the user’s identity is exchanged between them.
SAML is commonly used where an end user has access to many different applications or products, as in the health care or higher education fields. Instead of having to log in with a username and password for each of these applications, a user only has to authenticate once in order to access any of them. This is commonly referred to as single sign-on (SSO).
After authenticating with the IdP, a user has access to multiple applications and/or products because of a previously defined trust relationship. This trust relationship is established through certificates that have been distributed beforehand between the IdP and the service providers. These certificates are used to “sign” all communication between the IdP and the service providers.
A sample SAML integration:
- A trust relationship is defined between the IdP and each service provider through the use of installed certificates.
- An end user authenticates into the IdP using a single set of user credentials (username and password).
- A user selects a service or external system to log in to.
- The IdP sends a “signed” SAML Response to the service or external system with the user’s identity.
- The service or external system validates the SAML Response.
- The browser redirects the user to their requested resource – typically a welcome or landing page.
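The validation step above is where the service provider decides whether to trust what the IdP sent. The following is an added example, not code from the original post: it builds a constructed sample SAML Response and runs the policy checks a service provider applies to it (destination, issuer, presence of a signature, validity window, audience). The entity IDs and URLs are assumed sample values, and the cryptographic XML-DSig verification of the signature against the IdP certificate is assumed to be done separately by a dedicated library.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
TS = "%Y-%m-%dT%H:%M:%SZ"
TRUSTED_IDP = "https://idp.example.org/metadata"        # assumed IdP entity ID
SP_ENTITY_ID = "https://app.example.com/saml/metadata"  # assumed SP entity ID
ACS_URL = "https://app.example.com/saml/acs"            # assumed SP ACS endpoint

def parse_ts(s):
    return datetime.strptime(s, TS).replace(tzinfo=timezone.utc)

def build_sample(not_before, not_on_or_after, audience=SP_ENTITY_ID):
    """Constructed sample SAML Response; the ds:Signature element is left empty."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" Destination="{ACS_URL}">
  <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{TRUSTED_IDP}</saml:Issuer><ds:Signature/>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{not_before.strftime(TS)}" NotOnOrAfter="{not_on_or_after.strftime(TS)}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion></samlp:Response>"""

def validate_response(xml_text, now, skew=timedelta(seconds=60)):
    """Policy checks a service provider applies to a SAML Response; returns
    (ok, reason, name_id). The cryptographic XML-DSig verification of the
    signature against the IdP certificate is assumed to be done separately."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != ACS_URL:        # response meant for this SP endpoint
        return False, "destination mismatch", None
    a = root.find("saml:Assertion", NS)
    if a is None or a.find("ds:Signature", NS) is None:   # unsigned assertions are rejected
        return False, "missing or unsigned assertion", None
    if a.findtext("saml:Issuer", None, NS) != TRUSTED_IDP:
        return False, "untrusted issuer", None
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "no conditions", None
    if now + skew < parse_ts(cond.get("NotBefore")):
        return False, "assertion not yet valid", None
    if now - skew >= parse_ts(cond.get("NotOnOrAfter")):
        return False, "assertion expired", None
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:             # assertion issued for a different SP
        return False, "audience mismatch", None
    return True, "ok", a.findtext("saml:Subject/saml:NameID", None, NS)
```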
This is part one of what will be an ongoing series on the topic of SAML. If you have any questions or comments, please post below – or contact us.