
How does SAML work? IdPs & SPs

SAML, or Security Assertion Markup Language, is the leading SSO protocol today and is a valuable standard to understand in order to fully comprehend how SAML Active Directory single sign-on works.

gluu

Presentation Transcript


  1. How does SAML work? IdPs & SPs

     SAML, or Security Assertion Markup Language, is the leading SSO protocol today and is a valuable standard to understand in order to fully comprehend how SAML OpenID Connect works. SAML boils down to attribute exchange through the creation of trust relationships between IdPs and SPs. A basic example is signing into your Active Directory to log on to your work computer in the morning, and automatically gaining access to your company Gmail or Salesforce.

     The three main components of the SAML protocol:

     - Assertions – The two most common SAML assertions are:
       - Authentication assertions, which are used to make people prove their identities.
       - Attribute assertions, which are used to generate specific information about the person, for example their phone number or email address.
     - Protocol – This defines the way that SAML asks for and gets assertions, for example, using SOAP over HTTP.
     - Binding – This details exactly how SAML message exchanges are mapped into SOAP exchanges.

  2. 5 Benefits of using a SAML IdP

     There are many reasons to use a SAML IdP. Besides SAML being the dominant single sign-on protocol in use today, there are a host of reasons an organization should consider implementing a SAML IdP. Here are 5 reasons to use SAML for SSO:

     1. User passwords never cross the firewall, since user authentication occurs inside of the firewall and multiple Web application passwords are no longer required.
     2. Web applications with no passwords are virtually impossible to hack, as the user must authenticate against an enterprise-class IdM first, which can include strong authentication mechanisms.
     3. “SP-initiated” two-factor security provides access to Web apps for users outside of the firewall. If an outside user requests access to a Web application, the SP can automatically redirect the user to an authentication portal located at the Identity Provider.

  3. After authenticating, the user is granted access to the application, while their login and password remain locked safely inside the firewall.

     4. Centralized federation provides a single point of web access management system software control and auditing, which has security, risk and compliance benefits.
     5. A properly executed identity federation layer that satisfies all of the use cases described above and supports multiple protocols can provide an enterprise-wide, architecturally sound Internet SSO solution.

     Article resource: http://thegluuserver.wordpress.com/2014/09/16/how-does-saml-work-idps-sps/
