Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider [...]. The single most important requirement that SAML addresses is web browser single sign-on (SSO).

The SAML specification defines three roles: the principal (typically a user), the identity provider (IdP), and the service provider (SP).

Related technologies: XML, XSD, XML Signature, XML Encryption, SOAP, HTTP.

SAML defines XML-based assertions and protocols, bindings, and profiles. A SAML binding determines how SAML requests and responses map onto standard messaging or communications protocols. An important (synchronous) binding is the SAML SOAP binding. A SAML profile is a concrete manifestation of a defined use case using a particular combination of assertions, protocols and bindings.

A SAML assertion contains a packet of security information. A relying party interprets an assertion as follows:
Three types of statements are provided by SAML:
- Authentication statements assert to the service provider that the principal did indeed authenticate with the identity provider at a particular time using a particular method of authentication. Other information about the authenticated principal (called the authentication context) may be disclosed in an authentication statement.
- An attribute statement asserts that a subject is associated with certain attributes. An attribute is simply a name-value pair. Relying parties use attributes to make access-control decisions.
- An authorization decision statement asserts that a subject is permitted to perform action A on resource R given evidence E. The expressiveness of authorization decision statements in SAML is intentionally limited. More-advanced use cases are encouraged to use XACML instead.

Figure: SP-Initiated SSO: Redirect/POST Bindings