What is SAML and how does it works?
User authentication is the most critical part of all application’s systems. Due to that we need different forms and protocols of authentication for handle this critical task. SAML is one protocol and in this blog post , I discuss what is SAML and how it works in brief.
What is a SAML?
Security Assertion Markup Language (SAML) is an open standard for authentication and authorization between two entities: an Identity Provider and a Service provider. The Service Provider agrees to trust the Identity Provider to authenticate users. In return, the Identity provider generates an authentication response, which indicates that a user has been authenticated.
SAML is a standard Single Sign On(SSO) format. It means a particular user can use one set of credentials to log into multiple applications. Authentication information is exchanged through digitally signed XML documents. It’s a complex single sign-on (SSO) implementation that enables seamless authentication, mostly between businesses and enterprises.
The key point of SAML is you don’t need to worry about remembering , typing and resetting credentials.
Let’s see what are the Benefits of SAML Authentications.
SAML provides a set of interoperable standard interfaces. Due to this , SAML allows independent development of security systems and application software.
Following are some benefits of SAML:
- Standardized interfaces between systems - Allows the cheaper, faster and more reliable integration.
- Improved end user experience - Allows to access the multiple service providers when signed in for one(Single Sign On). Also allows to linking of multiple identities(Identity Federation) with SAML. It improves the user experience while promoting the privacy.
- Platform neutrality -To making security more independent SAML abstracts the security frameworks away from the particular platform architecture and the vendor implementations.
How does SAML works?
When researching on “How SAML works”, I found following process flow. As I mentioned above SAML Single Sign On authentication has mainly two participants, a service provider and a identity provider.
Mainly there are two stages in SAML flow.
- Trust establishment
- Authentication
Let’s try with an example to identify the SAML flow:
For that we can take,
WSO2 Identity Server as the identity provider and
Travelocity.com as the service provider .
The process is basically work as follows.
- The user tries to log in to Travelocity from browser.
- Travelocity responds by generating a SAML request.
3. The browser redirects the user to an SSO URL in WSO2 Identity Server.
4. If the user has authenticated by WSO2 Identity Server , WSO2 Identity Server parses the SAML request and authenticate the user. If user is already authenticated , skip this step and generates the SAML response.
5. WSO2 Identity Server returns the encoded SAML response to the browser.
6. The browser send the SAML response to Travelocity for verification.
7. If the verification is done successfully , the user will be logged in to Travelocity and granted access.
In this blog post I have covered what is SAML and how does it works.As SAML promotes Single Sign On(SSO), there is better user experience that in a typical authentication flow.
References
- WSO2 documentations
- http://saml.xml.org/advantages-saml