Security Assertion Markup Language (SAML) is an open standard for federated authentication between web applications. It simplifies the login experience by letting users reach multiple applications with one set of credentials. SAML is also the underlying protocol that makes web-based single sign-on (SSO) possible, giving users a way to authenticate themselves when logging into third-party applications.
SAML lets an identity provider (IdP) authenticate users and then pass an authentication token, the SAML assertion, to another application known as the service provider (SP). The SP does not have to perform its own authentication: it accepts the identity the IdP asserts, which makes it possible to integrate both internal and external users. In this way security credentials are shared with an SP, typically an application or service, across a network. SAML enables secure, cross-domain communication between public cloud systems and other SAML-enabled systems, as well as a selected number of identity management systems located on-premises or in a different cloud. With SAML, you can offer users a single sign-on (SSO) experience across any two applications that support the SAML protocol, allowing an SSO service to perform several security functions on behalf of one or more applications.
At the heart of the SAML assertion is a subject (a principal within the context of a particular security domain) about which something is being asserted. The subject is usually (but not necessarily) a human. As in the SAML 2.0 Technical Overview, the terms subject and principal are used interchangeably in this document.
Before delivering the subject-based assertion from the IdP to the SP, the IdP may request some information from the principal, such as a user name and password, in order to authenticate the principal. SAML specifies the content of the assertion that is passed from the IdP to the SP. In SAML, one identity provider may provide assertions to many service providers; similarly, one SP may rely on and trust assertions from many independent IdPs.
SAML does not specify the method of authentication at the identity provider. The IdP may use a username and password, or some other form of authentication, including multi-factor authentication (MFA). A directory or authentication service such as RADIUS, LDAP or Active Directory (AD) that lets users log in with a user name and password is a typical source of authentication tokens at an identity provider. The popular Internet social networking services also provide identity services that could, in theory, be used to support SAML exchanges.
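Because an SP relies entirely on the assertion the IdP hands it, the SP's own validation of that assertion is where the trust relationship is actually enforced. The following Python block is an added example, not code from the original page or from any SAML product; it assumes that the XML signature on the assertion has already been verified against the IdP's certificate by an XML-DSig library, and shows the content checks an SP applies after that: the issuer is one it trusts, the validity window holds, the audience names this SP, the assertion ID has not been seen before, and only then are the subject and attributes extracted. The entity IDs, the user name and the attribute are constructed sample values.

```python
"""Service-provider side checks on a SAML 2.0 assertion (added example).

Assumes cryptographic verification of the ds:Signature has already been
done by an XML-DSig library; this block covers the checks that follow.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


@dataclass
class ValidatedSubject:
    issuer: str
    name_id: str
    attributes: dict


class AssertionRejected(Exception):
    """Raised when the assertion must not be trusted."""


def _parse_time(value: str) -> datetime:
    # SAML timestamps are xsd:dateTime in UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuers, expected_audience, now,
                       seen_ids=None, clock_skew=timedelta(seconds=60)):
    """Return a ValidatedSubject or raise AssertionRejected.

    trusted_issuers  : entity IDs of the IdPs this SP has chosen to trust
    expected_audience: this SP's own entity ID
    now              : current time, timezone-aware UTC
    seen_ids         : optional set of accepted assertion IDs (replay cache)
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise AssertionRejected("document is not a saml:Assertion")

    # 1. Only assertions from an IdP in the SP's trust list are acceptable.
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer not in trusted_issuers:
        raise AssertionRejected(f"untrusted issuer {issuer!r}")

    # 2. Structural presence of a signature; the cryptographic check itself
    #    is assumed to have been performed by the XML-DSig library.
    if root.find("ds:Signature", NS) is None:
        raise AssertionRejected("assertion carries no signature")

    # 3. Validity window, allowing a small amount of clock skew.
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        raise AssertionRejected("missing saml:Conditions")
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + clock_skew < _parse_time(not_before):
        raise AssertionRejected("assertion not yet valid")
    if not_on_or_after and now - clock_skew >= _parse_time(not_on_or_after):
        raise AssertionRejected("assertion expired")

    # 4. The assertion must be addressed to this SP, not to some other SP.
    audiences = {(a.text or "").strip() for a in
                 conditions.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if expected_audience not in audiences:
        raise AssertionRejected("audience restriction does not name this SP")

    # 5. Replay protection: each assertion ID is accepted at most once.
    assertion_id = root.get("ID")
    if not assertion_id:
        raise AssertionRejected("assertion has no ID")
    if seen_ids is not None:
        if assertion_id in seen_ids:
            raise AssertionRejected("assertion replayed")
        seen_ids.add(assertion_id)

    # 6. Extract the subject (principal) and the attributes the IdP asserted.
    name_id = (root.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip()
    if not name_id:
        raise AssertionRejected("missing subject NameID")
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [(v.text or "").strip() for v in
                                        attr.findall("saml:AttributeValue", NS)]
    return ValidatedSubject(issuer, name_id, attributes)


def check_assertion(xml_text, trusted_issuers, expected_audience, now, seen_ids=None):
    """Wrapper returning (True, ValidatedSubject) or (False, reason)."""
    try:
        return True, validate_assertion(xml_text, trusted_issuers,
                                        expected_audience, now, seen_ids)
    except (AssertionRejected, ET.ParseError, ValueError) as exc:
        return False, str(exc)


# Constructed sample: hypothetical entity IDs, signature body elided.
SAMPLE_IDP = "https://idp.example.org/"
SAMPLE_SP = "https://sp.example.com/"
SAMPLE_NOW = datetime(2024, 1, 1, 12, 2, 0, tzinfo=timezone.utc)
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_constructed-sample-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>{SAMPLE_IDP}</saml:Issuer>
  <ds:Signature><!-- XML-DSig block elided in this constructed sample --></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SAMPLE_SP}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, {SAMPLE_IDP}, SAMPLE_SP, SAMPLE_NOW))
    print(check_assertion(SAMPLE_ASSERTION, {SAMPLE_IDP}, "https://other-sp.example.net/", SAMPLE_NOW))
```

The order of the checks matters less than the fact that every one of them runs before the SP creates a session: an assertion from a trusted IdP that names a different audience, or one that is presented a second time, is exactly as untrustworthy as one with a bad signature. The replay cache only needs to hold IDs until their `NotOnOrAfter` time has passed.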