Security Access Markup Language

Security Access Markup Language (SAML) is both an authentication protocol and an XML-based data structure used for authentication.

SAML allows identities, authentication and authorization to be managed between identity providers and service providers.

It defines an infrastructure for key exchange between security domains.

It is carried over the HTTP or HTTPS protocol.

It is an open standard developed by OASIS.

It has integration with XML Encryption and XML Signature.

SAML Main Elements

SAML main elements:

  • Assertions
  • Protocols
  • Bindings
  • Profiles

An assertion is an XML document that contains statements about a user’s identity, attributes, and authorization decisions.

A SAML protocol defines the rules and formats for requesting and exchanging SAML assertions between entities (e.g., IdP and SP).

A binding specifies how SAML messages are transported over standard communication protocols (e.g., HTTP, SOAP).

A profile is a predefined combination of assertions, protocols, and bindings tailored for specific use cases.

SAML Applications

SAML may be used in identity federation. You can read this post about identity federation.

SAML may be used in single sign-on (SSO).

Implementations

Implementations of SAML:

  • OpenSAML
  • SimpleSAMLphp
  • Shibboleth
