Overview of SAML (2024)

Table of Contents
  1. How SAML Works
  2. SAML SSO Flow

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. This single sign-on (SSO) login standard has significant advantages over logging in using a username/password:

Most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It makes sense to use this information to log users in to other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML.

SAML is very powerful and flexible, but the specification can be quite a handful. OneLogin’s open-source SAML toolkits can help you integrate SAML in hours, instead of months. We’ve come up with a simple setup that will work for most applications.

How SAML Works

SAML SSO works by transferring the user’s identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents.

Consider the following scenario: A user is logged into a system that acts as an identity provider. The user wants to log in to a remote application, such as a support or accounting application (the service provider). The following happens:

  1. The user accesses the remote application using a link on an intranet, a bookmark, or similar, and the application loads.

  2. The application identifies the user’s origin (by application subdomain, user IP address, or similar) and redirects the user back to the identity provider, asking for authentication. This is the authentication request.

  3. The user either has an existing active browser session with the identity provider or establishes one by logging into the identity provider.

  4. The identity provider builds the authentication response in the form of an XML document containing the user’s username or email address, signs it using an X.509 certificate, and posts this information to the service provider.

  5. The service provider, which already knows the identity provider and has a certificate fingerprint, retrieves the authentication response and validates its signature using the certificate that matches that fingerprint.

  6. The identity of the user is established and the user is provided with app access.
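Steps 4 to 6 above, the signed response and its validation by the service provider, as an added example in Go. This is not code from the original article or from OneLogin's toolkits: it models the response as a plain struct and signs a simple canonical string with an RSA key instead of producing real SAML XML with XML-DSig, and the issuer and service provider URLs and the user identifier are constructed sample values. What it does keep faithful is the trust decision of step 5: the service provider accepts only the certificate whose SHA-256 fingerprint matches its configuration, verifies the signature with that certificate, and additionally checks that the assertion was issued for this service provider and has not expired.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IdP holds the identity provider's signing key and its X.509 certificate (DER).
type IdP struct {
	key     *rsa.PrivateKey
	certDER []byte
}
// Response stands in for the signed SAML response of step 4. A real one is XML signed with
// XML-DSig; here the signature covers a canonical string of the fields (modelling assumption).
type Response struct {
	Audience     string    // service provider the assertion is meant for
	NameID       string    // username or email address of the authenticated user
	NotOnOrAfter time.Time // assertion expiry
	CertDER      []byte    // IdP certificate the SP checks against its fingerprint
	Signature    []byte
}
func (r *Response) signedBytes() []byte {
	return []byte(fmt.Sprintf("%s|%s|%d", r.Audience, r.NameID, r.NotOnOrAfter.Unix()))
}
// NewIdP generates an RSA key pair and a self-signed certificate naming the issuer.
func NewIdP(issuer string) (*IdP, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: issuer},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &IdP{key: key, certDER: der}, nil
}
// Fingerprint is the hex SHA-256 digest of a DER certificate: the value the SP
// administrator copies from the IdP into the SP configuration ahead of time.
func Fingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}
// BuildResponse is step 4: the IdP asserts who the user is and signs the assertion.
func (i *IdP) BuildResponse(audience, nameID string, ttl time.Duration) (*Response, error) {
	r := &Response{
		Audience:     audience,
		NameID:       nameID,
		NotOnOrAfter: time.Now().Add(ttl).Truncate(time.Second),
		CertDER:      i.certDER,
	}
	digest := sha256.Sum256(r.signedBytes())
	sig, err := rsa.SignPKCS1v15(rand.Reader, i.key, crypto.SHA256, digest[:])
	r.Signature = sig
	return r, err
}

// ValidateResponse is step 5: the SP trusts only the certificate matching its configured
// fingerprint, then checks signature, audience and expiry. It returns the NameID (step 6).
func ValidateResponse(r *Response, trustedFingerprint, expectedAudience string, now time.Time) (string, error) {
	if Fingerprint(r.CertDER) != trustedFingerprint {
		return "", errors.New("certificate does not match the configured IdP fingerprint")
	}
	cert, err := x509.ParseCertificate(r.CertDER)
	if err != nil {
		return "", err
	}
	// CheckSignature hashes the canonical bytes and verifies them with the certificate's key.
	if err := cert.CheckSignature(x509.SHA256WithRSA, r.signedBytes(), r.Signature); err != nil {
		return "", errors.New("signature invalid: response altered or not signed by the IdP")
	}
	if r.Audience != expectedAudience {
		return "", errors.New("assertion was issued for a different service provider")
	}
	if !now.Before(r.NotOnOrAfter) {
		return "", errors.New("assertion has expired")
	}
	return r.NameID, nil
}

func main() {
	idp, _ := NewIdP("https://idp.example.test") // constructed sample issuer; error ignored in the demo
	const sp = "https://sp.example.test"          // constructed sample service provider
	resp, _ := idp.BuildResponse(sp, "alice@example.test", 5*time.Minute)
	fmt.Println(ValidateResponse(resp, Fingerprint(idp.certDER), sp, time.Now()))
	resp.NameID = "other@example.test" // altered in transit: the signature no longer verifies
	fmt.Println(ValidateResponse(resp, Fingerprint(idp.certDER), sp, time.Now()))
}
```

The fingerprint check is what makes the trust relationship explicit: the service provider does not trust whatever certificate arrives inside the response, only the one it was configured with out of band. The audience and expiry checks are the two conditions a real SAML validator also enforces so that an assertion issued for one application, or one captured earlier, cannot be presented to another.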

SAML SSO Flow

The diagram below illustrates the single sign-on flow for service provider-initiated SSO, i.e. when an application triggers SSO.

[Diagram: service provider-initiated SAML SSO flow]

Identity provider-initiated SSO is similar and consists of only the bottom half of the flow.


Author: Rev. Leonie Wyman
