SAML Concepts: Difference between revisions
| Line 40: | Line 40: | ||
=SAML Profile= | =SAML Profile= | ||
A ''profile'' is essentially a use case for SAML. <font color=red>If that is true, map to use cases above and coalesce</font>. The profile combines [[#SAML_Assertion|assertions]], [[SAML_Protocol|protocols]] and [[SAML_Binding|bindings]] to support a specific use case. | A ''profile'' is essentially a use case for SAML. <font color=red>If that is true, map to use cases above and coalesce</font>. The profile combines [[#SAML_Assertion|assertions]], [[#SAML_Protocol|protocols]] and [[#SAML_Binding|bindings]] to support a specific use case. | ||
=SAML Binding= | =SAML Binding= | ||
Revision as of 01:28, 21 February 2017
Internal
Security Assertion
Subject
Subjects are entities that have identity related information specific to a security domain.
Security Domain
Identity Provider
The Identity Provider (IdP) is.
The Identity Provider is also known as the asserting party.
Service Provider
The Service Provider (SP) is ....
The Service Provider is also known as the relying party.
Trust Relationship
There is a trust relationship between the Identity Provider and and the Service Provider.
SAML Use Cases
Web Browser Single Sign-On
Web browser single sign-on (SSO) among independent but cooperating parties is the most important SAML use case. Another more recent approach to addressing browser SSO is the OpenID Connect protocol.
Attribute-based Authorization
Identity Federation
WS-Security
SAML Profile
A profile is essentially a use case for SAML. If that is true, map to use cases above and coalesce. The profile combines assertions, protocols and bindings to support a specific use case.
SAML Binding
SAML Protocol
SAML Assertion
To Deplete
- https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSignOn
- https://home.feodorov.com:9443/wiki/Wiki.jsp?page=PicketLinkSAMLSSO#section-PicketLinkSAMLSSO-Concepts