Security Assertion Markup Language (SAML)
The SAML Advantage
Interoperability also gives SAML a huge advantage over proprietary SSO mechanisms. For an enterprise, proprietary SSO means each new connection potentially requires a new and different software implementation. With SAML, a single SAML implementation can support SSO connections with many different federation partners. Some large organizations, particularly those who have already gone through the pain of supporting multiple proprietary SSO implementations, now require the use of SAML for internet SSO with Software-as-a-Service (SaaS) applications and other external service providers.
The Kantara Initiative, formerly known as the Liberty Alliance, has established a very successful interoperability testing program in which SAML vendors prove out-of-the-box interoperability with other SAML implementations. To date, Liberty has certified over 80 solutions from numerous vendors and organizations worldwide, including PingFederate, which has completed SAML 2.0 interoperability testing with more vendors than any other product in the identity management space. A certified product can be the difference between a two-hour configuration and testing exercise and a multi-month distributed debugging nightmare.
How SAML Works
Enterprise SAML identity federation use cases generally revolve around sharing identity between an existing IdM system and web applications. There are two actors in the SAML scenario: the Identity Provider, which “asserts” the identity of the user, and the Service Provider, which consumes the “assertion” and passes the identity information to the application. The interaction between the IdM system and the federation server is called “first mile” integration, and the interaction between the federation server and the application is called “last mile” integration.