Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. This single sign-on (SSO) login standard has significant advantages over logging in with a username and password:
- No need to type in credentials
- No need to remember and renew passwords
- No weak passwords
Most organizations already know the identity of their users because those users are logged in to the Active Directory domain or intranet.
It makes sense to use this information to log users in to other applications, such as web-based applications, and one of the more elegant ways of doing this is SAML. SAML is very powerful and flexible, but the specification can be quite a handful. OneLogin’s open-source SAML toolkits can help you integrate SAML in hours instead of months. We’ve come up with a simple setup that will work for most applications.

Security Assertion Markup Language (SAML) is an open standard that defines an XML-based framework for exchanging authentication and authorization information between an identity provider (IdP) and a service provider (SP), to enable web-based single sign-on (SSO) and identity federation.
Security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust.
In a typical scenario, a user requesting access to a service provider is redirected to an identity provider capable of authenticating the user and providing a SAML assertion that allows the service provider to make its access control decisions. The SP and IdP must have a trust relationship established prior to exchanging SAML assertions.
SAML authentication is the process in which a service provider (SP) redirects a user requesting access to a trusted identity provider (IdP) for authentication. Once the user is authenticated, the IdP provides a SAML assertion that the SP uses to grant the user access to its service.
SAML 2.0 is an open standard that defines an XML-based framework for exchanging authentication and authorization information between an identity provider (IdP) and a service provider (SP), to enable web-based single sign-on (SSO) and identity federation. SAML 2.0 replaces SAML 1.1.
In a typical SAML authentication scenario, a user requests access to a service. The service provider redirects the user to a trusted identity provider that authenticates the user and produces a SAML assertion that the user can present to the service provider. Based on the presented assertion, the service provider will determine user permissions to use its service.
SAML 2.0 replaces SAML 1.x and is not compatible with it.
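The scenario above ends with the SP making its access decision from the presented assertion. The added example below (not code from the page or from OneLogin's toolkits) shows the policy checks an SP applies to a SAML 2.0 Response before trusting it: the response was addressed to this SP's endpoint, the assertion comes from the pre-established IdP, it is signed, it is within its validity window, and it is restricted to this SP's audience. All entity IDs, URLs and the sample Response are constructed for illustration.

```python
"""SP-side checks on a SAML 2.0 Response before its assertion is used for access control."""
from datetime import datetime
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree in production: input comes from the browser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample Response (hypothetical entity IDs and URLs); the empty ds:Signature
# stands in for a real XML signature so the structural checks below can be exercised.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  Destination="https://sp.example.com/saml/acs" InResponseTo="_req42">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def saml_time(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, trusted_idp, sp_entity_id, acs_url, now):
    """Return (ok, reason, name_id). Structural and policy checks only: signature
    verification against the IdP certificate from the trust relationship needs an
    XML-DSig library (e.g. xmlsec) and must pass before the NameID is used."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:          # response was meant for this SP endpoint
        return False, "destination mismatch", None
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion", None
    if assertion.findtext("saml:Issuer", namespaces=NS) != trusted_idp:
        return False, "untrusted issuer", None       # only the pre-established IdP is trusted
    if assertion.find("ds:Signature", NS) is None:
        return False, "assertion not signed", None
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (saml_time(cond.get("NotBefore")) <= now < saml_time(cond.get("NotOnOrAfter"))):
        return False, "assertion expired or not yet valid", None
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, "assertion intended for another SP", None
    return True, "ok", assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

Rejecting on audience and validity window is what stops an assertion issued for one SP, or captured earlier, from being accepted by another.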