What is SAML?

SAML is the XML-based Security Assertion Markup Language, standardized at OASIS. SAML enables Single Sign-On (SSO) and other security scenarios, and carries authentication, attribute, and authorization information between security domains. SAML defines a specific XML-based protocol by which security information can be transported securely across domains, from SAML Authorities (Identity Providers) to SAML Consumers (Service Providers). SAML 2.0 is the latest ratified OASIS standard.

Terminology

The SAML architecture involves the following actors:

Identity Provider (IdP): An Identity Provider (IdP), also known as an Identity Assertion Provider, is responsible for issuing identification information for all providers that want to interact with the system. This is achieved through an authentication module which verifies a security token as an alternative to explicitly authenticating the user within a security realm. For example, when an external website allows users to log in with Facebook credentials, Facebook is acting as the identity provider: Facebook verifies that the user is an authorized user and returns information to the external site such as username and email address (the specific details vary). Similarly, if a site allows login with Google or Twitter, Google or Twitter is acting as the identity provider.

Service Provider (SP): A Service Provider (SP) is the consumer of SAML assertions. In practice, the Service Provider is your application or resource that wants to take part in SSO with SAML-federated services. Examples include OBIEE, Salesforce.com, Tableau and NetSuite.

How does SAML work?

At its core, SAML is a series of XML-based messages that state whether a person has authenticated, and frequently carry information about that person. SAML is primarily used for SSO between organizations and websites that are "external" to the organization; however, it can be used just as well for internal SSO applications.

The three main components of the SAML specification are:

Assertions – The two most commonly used SAML assertions are authentication assertions, which state that the user has proven his identity, and attribute assertions, which contain specific information about the user, such as an email address and phone number.

Protocol – This defines the way that SAML asks for and gets assertions, for example using SOAP over HTTP.

Binding – This details exactly how SAML message exchanges are mapped into SOAP exchanges.

The assertions are exchanged among sites and services using the protocol and binding, and those assertions are what authenticate users among sites.
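As an added example (not code from the original article), here is what a Service Provider does with the assertions described above: it parses a SAML 2.0 assertion, checks that the assertion was issued for this SP and is still within its validity window, and then extracts the authentication statement and the attributes. The sample assertion, the IdP and SP entity identifiers and the function names are all constructed for this illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not captured from a real IdP): one authentication
# statement plus an attribute statement, as an IdP issues them to an SP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="phone"><saml:AttributeValue>+1-555-0100</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_ts(value):
    """Parse the UTC timestamps SAML uses, e.g. "2024-01-01T12:00:00Z"."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def consume_assertion(xml_text, expected_audience, now_iso):
    """SP-side consumption: accept the assertion only if it names this SP as its
    audience and is inside its validity window, then return the authentication
    and attribute information. Real IdP input must additionally have its XML
    signature verified (and be parsed with a hardened XML parser) before any of
    this is trusted; that step is outside what this example shows."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", SAML_NS)
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion was not issued for this service provider")
    now = parse_ts(now_iso)
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=SAML_NS),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
        "authn_instant": root.find("saml:AuthnStatement", SAML_NS).get("AuthnInstant"),
        "attributes": {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=SAML_NS)
                       for a in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS)},
    }
```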