


Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider [...]. The single most important requirement that SAML addresses is web browser single sign-on (SSO).

The SAML specification defines three roles: the principal (typically a user), the identity provider (IdP), and the service provider (SP).

Related technologies: XML, XSD, XML Signature, XML Encryption, SOAP, HTTP.

SAML defines XML-based assertions and protocols, bindings, and profiles.

A SAML binding determines how SAML requests and responses map onto standard messaging or communications protocols. An important (synchronous) binding is the SAML SOAP binding.

A SAML profile is a concrete manifestation of a defined use case using a particular combination of assertions, protocols and bindings.

A SAML assertion contains a packet of security information. A relying party interprets an assertion as follows:

Assertion A was issued at time t by issuer R regarding subject S provided conditions C are valid.

Three types of statements are provided by SAML:
Authentication statements
Attribute statements
Authorization decision statements

Authentication statements assert to the service provider that the principal did indeed authenticate with the identity provider at a particular time using a particular method of authentication. Other information about the authenticated principal (called the authentication context) may be disclosed in an authentication statement.

An attribute statement asserts that a subject is associated with certain attributes. An attribute is simply a name-value pair. Relying parties use attributes to make access-control decisions.

An authorization decision statement asserts that a subject is permitted to perform action A on resource R given evidence E. The expressiveness of authorization decision statements in SAML is intentionally limited. More-advanced use cases are encouraged to use XACML instead.
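The reading of an assertion given above (issued at time t by issuer R regarding subject S, provided conditions C are valid), as an added example that is not part of the original page: a relying-party check over a constructed, unsigned assertion. The entity IDs, subject and attribute values are made up, and the sketch assumes the XML Signature has already been verified by a SAML library before this step.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned; all values are illustrative).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2015-10-07T07:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-10-07T06:59:00Z" NotOnOrAfter="2015-10-07T07:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2015-10-07T06:59:30Z"><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement><saml:Attribute Name="role">
    <saml:AttributeValue>auditor</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def ts(value):
    """Parse a whole-second UTC timestamp such as 2015-10-07T07:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def interpret(xml_text, now, my_entity_id, trusted_issuers):
    """Return (accepted, reason, facts); facts hold R, t, S and the statements."""
    a = ET.fromstring(xml_text)
    cond = a.find("saml:Conditions", NS)                                   # C
    facts = {
        "issuer": a.findtext("saml:Issuer", namespaces=NS),                # R
        "issued_at": ts(a.get("IssueInstant")),                            # t
        "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),  # S
        "authn_method": a.findtext(".//saml:AuthnContextClassRef", namespaces=NS),
        "attributes": {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
                       for at in a.iterfind(".//saml:Attribute", NS)},
    }
    if facts["issuer"] not in trusted_issuers:
        return False, "untrusted issuer", facts
    if cond is None:  # assumed local policy: refuse assertions that carry no conditions
        return False, "no conditions", facts
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (nb and now < ts(nb)) or (noa and now >= ts(noa)):
        return False, "outside validity window", facts
    if my_entity_id not in [e.text for e in cond.iterfind(".//saml:Audience", NS)]:
        return False, "audience mismatch", facts
    return True, "conditions hold", facts
```

Attributes from `facts` should feed an access-control decision only when the first returned value is `True`.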

SP-Initiated SSO: Redirect/POST Bindings

SAML V2.0 Technical Overview

Assertions and Protocols for the OASIS Security (SAML) V2.0

Amando Marques,
Oct 7, 2015, 7:03 AM
Amando Marques,
Oct 7, 2015, 7:08 AM