What is SAML?
The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perform some security functions on behalf of one or more other computers:
- Authentication: Determining that the users are who they claim to be
- Authorization: Determining if users have the right to access certain systems or content
Strictly speaking, SAML refers to the XML variant language used to encode all this information, but the term can also cover various protocol messages and profiles that make up part of the standard.
SAML 2.0 was introduced in 2005 and remains the current version of the standard. The previous version, 1.1, is now largely deprecated. SAMLDiffs has a great summary of the difference between the versions.
What is SAML used for?
SAML is one way to implement single sign-on (SSO), and indeed SSO is by far SAML’s most common use case. SSO, as the name implies, allows a user to log in once and access multiple services—websites, cloud or SaaS apps, file shares, and so on. In an SSO scenario, all these services outsource their authentication and authorization functionality to a single system that then sends identity information about the user to those services. Documents written in SAML are one way that information can be transmitted.
What is a SAML provider?
In SAML lingo, a provider is an entity—generally, a server or other computer—within a system that helps the user access the services he or she wants. Systems that provide or consume SAML services are generically called service providers; the most important kind of service provider is an identity provider.
We touched on what an identity provider does in the previous section: it’s the entity within the system that makes sure the user really is who they claim to be—it provides authentication, in other words. It may also determine what services, if any, that user is authorized to access across various entities in the system.
Copyright © 2021 IDG Communications, Inc.