SAML Tutorials & Resources
SAML (Security Assertion Markup Language) enjoys the dominant position in terms of industry acceptance and production federated identity deployments. SAML is deployed in tens of thousands of Internet SSO connections, and thousands of large enterprises, government agencies and service providers have selected it as their standard protocol for communicating identities across the Internet.
Initially published as a version 1.0 standard in 2002 (the same year that Ping Identity was founded), SAML evolved over the ensuing years to its current state, SAML 2.0, in 2005. The SAML standard is managed by the OASIS Security Services Technical Committee. SAML 2.0 is actually a rollup of three predecessor identity federation standards: SAML 1.1, ID-FF (Identity Federation Framework) 1.2, and Shibboleth.

Since it is XML-based, SAML is extensible, which makes it a very flexible standard. Two federation partners can choose to share whatever identity attributes they want in a SAML assertion (message) payload as long as those attributes can be represented in XML. This flexibility has even led to pieces of the SAML standard, such as the SAML assertion format, being incorporated into other standards such as WS-Federation.
Interoperability also gives SAML a huge advantage over proprietary SSO mechanisms that require the IdP and SP to both implement the same software. For an enterprise, proprietary SSO means each new connection potentially requires new and different software implementation. With SAML, a single SAML implementation can support SSO connections with many different federation partners. Some large organizations, particularly those who have already gone through the pain of supporting multiple proprietary SSO implementations, are now mandating the use of SAML for Internet SSO with SaaS applications and other external service providers.
One of the early pioneers in the development of SAML, the Liberty Alliance, has established a very successful interoperability testing program called Liberty Interoperable where SAML vendors prove that their products interoperate out-of-the-box with other SAML implementations. To date, Liberty has certified over 70 solutions from numerous vendors and organizations worldwide. When establishing a new SAML connection with a federation partner, whether the partner is using a Liberty-Interoperable SAML product or a homegrown, non-interop-certified SAML solution can be the difference between a 2-hour configuration and testing exercise and a multi-month distributed debugging nightmare.
