SAML 2.0 Tutorial | How SAML Works | Ping Identity

SAML: How It Works

Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) holds the dominant position in terms of industry acceptance for federated identity deployments. SAML is deployed in tens of thousands of cloud single sign-on (SSO) connections. Thousands of large enterprises, government agencies and service providers have selected it as their standard protocol for communicating identities across the internet.

 

SAML is XML-based which makes it a very flexible standard. Two federation partners can choose to share whatever identity attributes they want in a SAML assertion (message) payload as long as those attributes can be represented in XML. This flexibility led to pieces of the SAML standard, such as the SAML assertion format, being incorporated into other standards such as WS-Federation.

SAML 101

SAML 101

An introduction to identity federation
and the SAML standard.

Download Now

The SAML Advantage

Interoperability also gives SAML a huge advantage over proprietary SSO mechanisms.  For an enterprise, proprietary SSO means each new connection potentially requires a new and different software implementation. With SAML, a single SAML implementation can support SSO connections with many different federation partners. Some large organizations, particularly those who have already gone through the pain of supporting multiple proprietary SSO implementations, now require the use of SAML for internet SSO with Software-as-a-Service (SaaS) applications and other external service providers.

 

The Kantara Initiative, formerly known as the Liberty Alliance, has established a very successful interoperability testing program where SAML vendors prove out-of-the-box interoperability with other SAML implementations. To date, Liberty has certified over 80 solutions from numerous vendors and organizations worldwide, including PingFederate, which has completed SAML 2.0 interoperability testing with more vendors than any other product in the identity management space.  A certified product can be the difference between a two-hour configuration and testing exercise or a multi-month distributed debugging nightmare.

 

How SAML Works

Enterprise SAML identity federation use cases generally revolve around sharing identity between an existing IdM system and web applications. There are two actors in the SAML scenario, the Identity Provider who “asserts” the identity of the user and the Service Provider who consumes the “assertion” and passes the identity information to the application. The interaction between the IdM system and the federation server is called “first mile” integration and the interaction between the federation server and the application is called “last mile” integration.

Here are some similar assets

null

The Essential OAuth Primer

OAuth 2.0 creates a consistent, flexible identity and policy architecture when communicating with Cloud APIs.

Download Now
null

Internet-Scale Identity Systems: An Overview and Comparison

Get an overview of key standards and explore the similarities, differences and synergies among them.

Download Now
Money You'll Save with Identity and Access Management

Money You'll Save with Identity and Access Management

Forrester Research analyzes the total economic impact (TEI) of Ping Identity SSO solutions.

VIEW NOW
SAML 2.0 Tutorial | How SAML Works | Ping Identity