SAML

Security‎ > ‎

Wiki

https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

https://en.wikipedia.org/wiki/SAML_2.0

SAML for Web Developers

https://github.com/jch/saml

SAML Online tools

https://www.samltool.com/online_tools.php

Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider [...]. The single most important requirement that SAML addresses is web browser single sign-on (SSO).

The SAML specification defines three roles: the principal (typically a user), the Identity provider (IdP), and the service provider (SP).

Related technologies: XML, XSD, XML Signature, XML Encryption, SOAP, HTTP.

SAML defines XML-based assertions and protocols, bindings, and profiles.

A SAML binding determines how SAML requests and responses map onto standard messaging or communications protocols. An important (synchronous) binding is the SAML SOAP binding.

A SAML profile is a concrete manifestation of a defined use case using a particular combination of assertions, protocols and bindings.

A SAML assertion contains a packet of security information, a relying party interprets an assertion as follows:

Assertion A was issued at time t by issuer R regarding subject S provided conditions C are valid.

Three types of statements are provided by SAML:

Authentication statements
Attribute statements
Authorization decision statements

Authentication statements assert to the service provider that the principal did indeed authenticate with the identity provider at a particular time using a particular method of authentication. Other information about the authenticated principal (called the authentication context) may be disclosed in an authentication statement.

An attribute statement asserts that a subject is associated with certain attributes. An attribute is simply a name-value pair. Relying parties use attributes to make access-control decisions.

An authorization decision statement asserts that a subject is permitted to perform action A on resource R given evidence E. The expressiveness of authorization decision statements in SAML is intentionally limited. More-advanced use cases are encouraged to use XACML instead.