SAML Concepts

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Security Assertion

Subject

Subjects are entities that have identity related information specific to a security domain.

Security Domain

Identity Provider

The Identity Provider (IdP) is.

The Identity Provider is also known as the asserting party.

Service Provider

The Service Provider (SP) is ....

The Service Provider is also known as the relying party.

Trust Relationship

There is a trust relationship between the Identity Provider and and the Service Provider.

Token

A SAML token is a type of token issued by a STS/IdP that can be used to enable SSO. A relying resource secured by SAML will redirect users to SAML identity provider to obtain a valid SAML token before authenticating and authorizing the user.

SAML Use Cases

Web Browser Single Sign-On

Web browser single sign-on (SSO) among independent but cooperating parties is the most important SAML use case. Another more recent approach to addressing browser SSO is the OpenID Connect protocol.

Attribute-based Authorization

Identity Federation

WS-Security

SAML Profile

A profile is essentially a use case for SAML. If that is true, map to use cases above and coalesce. The profile combines assertions, protocols and bindings to support a specific use case.

SAML Concepts Profile Binding Protocol Assertion.png

SAML Binding

Mapping of SAML protocols onto standard messaging and communication protocols.

SAML Protocol

Requests and responses for obtaining assertions and doing identity management.

SAML Assertion

Authentication, attribute and entitlement information.

Authentication Context

Detailed data on types and strengths of Authentication.

Metadata

Configuration data for identity and service providers.

To Deplete