Security Authentication & Authorization SAML On this page
Definition
Security Assertion Markup Lanaguage
An XML-based standard for exchanging authentication and authorization data betweek IdPs and service providers to verify the user's identity and permission, then grant or deny their access to services.
SAML Assertion
A XML document containing data that confirms to the service provider that the person who is signing in has been successfully authenticated
Usage
Commonly used to help enterprise users sign in to multiple applications using a single login (SSO).
How SAML works?
User tries to access SP.
SP redirect the user to the IdP (e.g., ADFS).
IdP authenticates the user.
IdP sends a SAML Assertion back to SP.
SP validates the assertion and grants access based on the attributes.
Scenario: Accessing Another SSO-Enabled SP
User tries to access to another SSO-enabled SP.
Second SP redirects the user to IdP
IdP checks for active session
If the IdP session has expired, you'll be prompted to authentication page again.
IdP sends a SAML assertion to the second SP
Second SP validates the assertion and grants access