Back in 2001, the tech sector was looking to establish an XML (Extensible Markup Language) framework that could be used to transfer authentication and authorisation information. The result of their efforts was the Security Assertion Markup Language (SAML), an open standard authentication protocol that simplifies the transfer of authentication data between identity providers (IdP) and service providers (SP).
SAML has defined a standard that makes it possible for external applications and services to confirm that users are who they claim to be. As such, users can access multiple web applications with just one login credential or rather through Single Sign-On (SSO) technology. SAML facilitates this login approach by providing a means to authenticate a user once and then share that authentication with multiple applications.
Before SAML, SSO was only possible with cookies in the same domain. SAML was able to remove the cookie middleman by centralising user authentication data with an identity provider. If an application has an enabled SAML, a line of communication can be opened between the SP and IdP when a user tries to login, thereby providing for a seamless authentication and authorisation process. One which does not require users to remember multiple usernames and passwords.
The most current version of SAML is SAML 2.0 (since 2005), which merges several previous versions of SAML. Although many systems support earlier versions, SAML 2.0 remains the modern standard.
SAML has been widely embraced as an enterprise solution. This is primarily due to its multiple benefits. Namely:
SAML acts as a middleman between an identity provider (IdP) and a service provider or web application. It accomplishes this using defined federated authentication process flows to transfer user information, including identifiers or other attributes. This process is triggered by a user attempting to access a web application or service. For example:
How Is SAML Different From Other Authentication Protocols?
Unlike other authentication protocols such as OAuth and OpenID Connect, which are mainly used for authorising APIs and web applications, SAML is specifically designed for authenticating users in enterprise and organisational scenarios.
What Are the Main Components of SAML?
Identity Provider (IdP): A web application or system that is responsible for authenticating users and creating SAML assertions.
Service Provider (SP): A web application or system that users access, receive, and verify SAML assertions.
SAML assertion: A digital signature containing identity and attribute information about the user that is exchanged between the IdP and the SP.
What Is the Role of IdP and SP in SAML?
SAML works by exchanging digitally signed SAML assertions between an identity provider (IdP) and a service provider (SP). The IdP authenticates the user and creates a SAML assertion containing the user's identity and attributes. The SP receives this SAML assertion, checks its validity and authorises the user accordingly.
What Are the Arguments in Favour of SAML?
Single sign-on (SSO): Users can log in to one application and then seamlessly access other applications without having to log in again.
Security: SAML uses encryption and digital signatures to ensure the security of authentication and authorisation data.
Interoperability: SAML is a standard protocol supported by a wide range of vendors, which facilitates interoperability between different applications and systems.