
SAML - Security Assertion Markup Language


Introduction

SAML (Security Assertion Markup Language) works by enabling a user to authenticate once with an Identity Provider (IdP) and then use that authentication to access multiple Service Providers (SPs) without needing to re-enter credentials. Essentially, it's a standardized way for one system (the IdP) to vouch for a user's identity to another system (the SP).

How it works

  1. Trust Relationship:

    Before any communication, the IdP and SP establish a trust relationship by exchanging metadata, certificates, and other configuration details.

  2. User Request:

    A user attempts to access a resource on a Service Provider (SP).

  3. Redirection to IdP:

    The SP, recognizing the user is not authenticated, redirects the user to the IdP's login page.

  4. Authentication at IdP:

    The user authenticates with the IdP (e.g., using username/password, multi-factor authentication, etc.).

  5. SAML Assertion:

    Upon successful authentication, the IdP creates a SAML assertion, which is an XML document containing user information, authorization details, and a digital signature.

  6. Assertion Delivery:

    The IdP sends the SAML assertion back to the SP, usually by way of the user's browser, which submits it to the SP in an HTTP POST request.

  7. Verification and Authorization:

    The SP verifies the SAML assertion's signature against the IdP certificate it received during the metadata exchange in step 1, then extracts the user information and authorization data.

  8. Access Granted:

    If the assertion is valid, the SP grants the user access to the requested resource or application.

  9. Single Sign-On (SSO):

    The SP establishes its own session for the user from the SAML assertion, and because the user also holds an authenticated session at the IdP, they can access other applications that trust the same IdP without needing to re-authenticate.

Key Components

  • Identity Provider (IdP): The system that authenticates the user (e.g., corporate directory, cloud identity provider).

  • Service Provider (SP): The application or service that relies on the IdP for user authentication (e.g., SaaS application, internal web application).

  • SAML Assertion: The XML document containing user information and authorization details.

  • Single Sign-On (SSO): The ability for users to access multiple applications with a single login.