SAML

Question 1

What is SAML?

Answer 1

SAML or Security Assertion Markup Language allows browser-based single sign on across a variety of systems.

Question 2

What are the 3 actors in a SAML request?

Answer 2

1. Principal - The end user who wants to use the web-based services
2. Identity Provider - The organization providing the proof of identity (e.g. employer, school, etc..)
3. Service Provider - Web-based service that the user wants to access

Question 3

Describe the authentication flow with SAML?

Answer 3

1. Principal requests access to a resource from the service provider
2. Service provider checks to see if the user already has an authenticated session
3. If so, service provider grants access
4. If not, the service provider redirects the user to the single sign on service from that user’s identity provider
5. The principal attempts to authenticate to the identity provider
6. The identity provider creates and XHTML form customized for the service provider
7. The principal uses this information to request a security assertion, which includes proof of identity from the identity provider, from the service provider
8. The service provider validates the request and creates a security context with the desired service and redirects to the user to the service