SAML (Security Assertion Markup Language) Definition

Security Assertion Markup Language (SAML) is an open federation standard protocol for authenticating web applications. It simplifies the login experience for users by allowing access to multiple applications with one set of credentials. SAML is also the underlying protocol that makes web-based single sign-on (SSO) possible and provides a way for users to authenticate themselves when logging into third-party apps.

SAML allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP). SAML enables the SP to operate without having to perform its own authentication and pass the identity to integrate internal and external users. SAML allows security credentials to be shared with a SP across a network, typically an application or service. SAML enables secure, cross-domain communication between public cloud and other SAML-enabled systems, as well as a selected number of other identity management systems located on-premises or in a different cloud. With SAML, you can enable a single sign-on (SSO) experience for your users across any two applications that support SAML protocol and services, allowing a SSO to perform several security functions on behalf of one or more applications.

At the heart of the SAML assertion is a subject (a principal within the context of a particular security domain) about which something is being asserted. The subject is usually (but not necessarily) a human. As in the SAML 2.0 Technical Overview, the terms subject and principal are used interchangeably in this document.

Before delivering the subject-based assertion from IdP to the SP, the IdP may request some information from the principal—such as a user name and password—in order to authenticate the principal. SAML specifies the content of the assertion that is passed from the IdP to the SP. In SAML, one identity provider may provide SAML assertions to many service providers. Similarly, one SP may rely on and trust assertions from many independent IdPs.

SAML does not specify the method of authentication at the identity provider. The IdP may use a username and password, or some other form of authentication, including multi-factor authentication (MFA). A directory service such as RADIUS, LDAP or Active Directory (AD) that allows users to log in with a user name and password is a typical source of authentication tokens at an identity provider. The popular Internet social networking services also provide identity services that in theory could be used to support SAML exchanges.

Related Products

Sale!

Identiv uTrust 2700 F USB Contact Smart Card Reader

$40.00 – $49.99

Select options Details
Sale!

Identiv uTrust 2700 R USB Contact Smart Card Reader

$27.99

Add to cart Details
Power LogOn® Administrator Installation Kit

$780.00

Add to cart Details

EyeLock Releases EyeLock ID® – Simplified Logical Access for On-Premise and Remotely Connected Workers

Nick Schooler2023-03-13T14:08:04-07:00September 22nd, 2020|

NEW YORK, Sept. 22, 2020 -- EyeLock LLC, the leader of iris-based identity authentication solutions, announced today the release of its highly anticipated EyeLock ID® logical access system for connected workers. Recognizing that passwords and usernames are things of the

BIO-key adds Technology Transfer Institute of Africa to its Channel Alliance Program; Bolstering Sales Reach in Large, High-Growth African Market

Nick Schooler2023-03-13T14:16:00-07:00November 4th, 2019|

WALL, N.J. and OWERRI, Nigeria, Nov. 04, 2019 -- BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced that the company has added Technology Transfer Institute of Africa (TTI) as a Channel Alliance Partner (CAP).

Ping Identity Launches New Private Cloud Identity Solution for the Enterprise

Nick Schooler2023-03-13T14:16:12-07:00August 5th, 2019|

DENVER — August 5, 2019 — Ping Identity, the leader in Identity Defined Security, today announced the release of PingCloud Private Tenant, a private cloud identity solution for the enterprise. PingCloud Private Tenant provides cloud identity and access management (IAM) by combining

CyberArk Joins the Microsoft Intelligent Security Association

Nick Schooler2023-03-13T14:16:16-07:00July 17th, 2019|

CHICAGO – CyberArk Impact Americas Conference–– July 17, 2019 – CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today fortified its long-standing relationship with Microsoft by joining the Microsoft Intelligent Security Association to help customers secure infrastructure against privilege-related attacks. This marks the latest

BIO-key Introduces ID Director for SAML, Enabling Simple, Secure and Efficient Biometric Single Sign-On to Hundreds of Applications

Nick Schooler2023-03-13T14:16:36-07:00March 4th, 2019|

RSA 2019 - SAN FRANCISCO and WALL, N.J., March 04, 2019 (GLOBE NEWSWIRE) -- BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced the general availability of ID Director for SAML (Security Assertion Markup Language),

NY Regional Bank Selects BIO-key Biometric Authentication to Comply with New York State Department of Financial Services Cybersecurity Law

Nick Schooler2023-03-13T14:16:57-07:00October 4th, 2018|

WALL, N.J., Oct. 04, 2018 (GLOBE NEWSWIRE) -- BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced a regional bank serving customers throughout Long Island and neighboring New York City boroughs, has selected BIO-key to provide

Categories: Access Control, Authentication, Identity, Logical Access, Standards

Tags: Access Control, Active Directory, Logical Access, MFA, Multi-Factor Authentication, SAML, Single Sign-On, SSO

« Back to Glossary Index

Security Assertion Markup Language (SAML)

Related Products

Related Articles