What is SAML?
Security Assertion Markup Language 2.0 (SAML 2.0) is an internet standard for exchanging authentication and authorization data between security domains.
SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider and a web service provider. SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO).
A SAML 2.0 landscape consists at a minimum of two components:
- SAML 2.0 Identity Provider (IdP)
- SAML 2.0 Internet Service Provider (ISP)
The SAML 2.0 IdP is an authoritative site that authenticates end users and asserts their identity information in a trusted fashion to trust partners, that is, the SAML 2.0 ISP. It's responsible for the management of the user identity lifecycle.
The ISP hosts the web application, and has a trust relationship to an IdP to accept and trust asserted information provided by the IdP on behalf of a user. The ISP delegates identity lifecycle and access management load to the IdP.
Key Points to Remember
SAML 2.0 uses a claim attribute to map identity between the IdP and ISPs. It can be a user ID, email address, or any custom field. But remember, the mapping attribute is case-sensitive!
The SAML 2.0 process flow is strictly time-dependent. It must complete within a short window, as specified by the optional NotBefore and NotOnOrAfter attributes, so you will need to make sure the identity provider's clock and the service provider's clock are in sync.
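The two checks above (the NotBefore/NotOnOrAfter window with a small clock-skew allowance, and the case-sensitive identity mapping) as an added Python example; this is illustration code, not part of the original page or any SAML library, and the assertion XML, timestamps and user names in it are constructed for the example.

```python
"""Validate the time window and subject mapping of a SAML 2.0 assertion.

Constructed example: the XML below is a minimal, unsigned assertion written for
this illustration. A real service provider must also verify the XML signature,
Issuer, Audience and InResponseTo before trusting the assertion contents.
"""
from datetime import datetime, timedelta
# For untrusted input prefer defusedxml; stdlib ElementTree keeps this runnable offline.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: a five-minute validity window, times in UTC.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>Alice@Example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML uses xsd:dateTime in UTC with a 'Z' suffix; fromisoformat wants +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_validity_window(assertion_xml, now, skew_seconds=0):
    """True if `now` lies inside [NotBefore, NotOnOrAfter), tolerating `skew_seconds`."""
    skew = timedelta(seconds=skew_seconds)
    conditions = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if conditions is None:
        return True  # both attributes are optional; no Conditions means no time limit
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + skew < parse_saml_time(not_before):
        return False  # SP clock behind the IdP: assertion not yet valid
    if not_on_or_after and now - skew >= parse_saml_time(not_on_or_after):
        return False  # window elapsed; NotOnOrAfter is exclusive
    return True


def map_subject(assertion_xml, local_users):
    """Case-sensitive lookup of the asserted NameID among known local users."""
    name_id = ET.fromstring(assertion_xml).findtext("saml:Subject/saml:NameID", namespaces=NS)
    return name_id if name_id in local_users else None
```

Without a skew allowance, a service provider whose clock runs a few seconds behind the IdP will reject every freshly issued assertion as "not yet valid", which is the failure mode the clock-sync advice above is about.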