In the security world, SAML has long played an important role in how users are authenticated across systems. However, the acronyms and jargon of security and information technology can often confuse newcomers and non-techies. So, what is SAML? How does it work? Read on to find out.
What SAML Is
Short for Security Assertion Markup Language, SAML is an open standard, maintained by OASIS, for passing authentication and authorization data from an identity provider to a service provider. In other words, you can use SAML to let users log in to multiple sites, apps or services with a single set of credentials. For many organizations, SAML is the technical core of single sign-on (SSO).
SAML simplifies identity federation and makes authentication easier (and often more secure). Because it is an open standard, it is usually easier to integrate than a proprietary alternative, and most commercial and open-source identity products already support it.
By using SAML, organizations can eliminate the need for separate credentials for each service. The process can also be made more secure because authentication is concentrated at one point, the identity provider, which can be hardened and monitored accordingly (strong credential policy, multi-factor authentication, centralized logging). Because the individual services no longer manage passwords at all, an attacker gains much less by compromising any one of them. The caveat is that the identity provider becomes the single most valuable target: a compromise of the identity provider, or of the private key it uses to sign assertions, affects every connected service, and a service provider that does not validate the assertions it receives is just as exposed as one with a weak login form of its own.
SAML Providers
There are two important providers in the SAML system: the identity provider (IdP) and the service provider (SP). In most cases there are multiple service providers and one identity provider. The providers may be different services run by the same organization (especially when SAML is used for an internal SSO system), or the identity provider may be a separate product or hosted service with which the organization's applications are federated.
You can think of the identity provider as the system that holds the user directory and verifies credentials, and the service provider as the application the user actually wants to use. The user authenticates to the IdP. The IdP then tells the SP that the user has been authenticated and, optionally, which attributes or access rights the user has. The SP never sees the user's password.
SAML Assertions
A SAML assertion is the data the identity provider sends to the service provider about a user. It is an XML document, digitally signed by the identity provider, that contains the relevant authentication and authorization data: who the user is, when and how the user authenticated, which service provider the assertion is intended for, and the time window during which it is valid. The service provider must verify the signature and check those conditions before acting on anything else in it.
An assertion carries one or more statements, of three types. Authentication statements indicate that the user has proven his or her identity, recording when and by what method (for example a password, or a stronger context such as multi-factor authentication). Attribute statements carry the user's attributes from the identity provider, such as e-mail address, display name or group memberships, which the service provider typically uses to make its own access decisions. Finally, authorization decision statements state whether the user is permitted or denied a specific action on a specific resource; they are rarely used in practice, since most deployments decide authorization at the service provider from the attributes. A failed login, whether due to incorrect credentials, a lack of rights or another authentication problem, is not reported through an assertion at all: the identity provider returns a SAML response with a non-success status code and no assertion.
How SAML Works
An authentication system based on SAML is simple from the user's point of view. The user logs in once. This may be at a designated single sign-on page or at the login page of one of the services, but in either case the user's credentials are sent to and checked by the identity provider, never by the service provider.
Then, whenever the user wants to use a service provider, the SP needs to know whether the user is authenticated. In the common web browser SSO flow the SP does not query the IdP directly: it redirects the user's browser to the IdP with an authentication request, the IdP authenticates the user (or recognises an existing session) and sends a signed response containing the assertion back through the browser to the SP's assertion consumer endpoint. The SP validates the response and creates its own session for the user. Because every provider in the system speaks SAML, they can all talk to the same IdP in the same way.
For SAML to work, both providers need an agreed-upon configuration. In other words, while they always speak the same language because they use SAML, they also need to speak the same dialect (be configured to work together) in order to work correctly. In practice this means exchanging metadata: each side's entity ID, the URLs of its endpoints (the IdP's single sign-on URL, the SP's assertion consumer service URL), the certificate the IdP uses to sign assertions, and the NameID format and attributes the SP expects. A mismatch in any of these is the usual reason an SSO integration fails, and the signing certificate is the one the SP must pin and rotate carefully.
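The SP-initiated flow and the agreed-upon configuration described above, as an added Python example that is not the article's own code: building an AuthnRequest, encoding it for the HTTP-Redirect binding (raw DEFLATE, base64, URL-encoding, which is what the SAML 2.0 bindings specification prescribes), and the checks an SP must perform on the returned Response before creating a session. `SP_CONFIG`, the URLs, the user and the Response XML are all constructed; the cryptographic verification of the IdP's XML signature is assumed to be done by an XML-DSig library outside this block and passed in as `signature_ok`.

```python
"""SP side of SAML 2.0 web browser SSO (added example): issue an AuthnRequest,
encode it for the HTTP-Redirect binding, then validate the IdP's Response.
Entity IDs, URLs and the Response XML are constructed; XML-DSig verification is
not implemented here, the caller passes its verdict as signature_ok."""
import base64
import secrets
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# The shared "dialect": values each side normally takes from the other's metadata (constructed).
SP_CONFIG = {
    "entity_id": "https://sp.example.com/metadata",
    "acs_url": "https://sp.example.com/saml/acs",       # the IdP posts the Response here
    "idp_entity_id": "https://idp.example.com/metadata",
    "idp_sso_url": "https://idp.example.com/sso",        # the AuthnRequest is sent here
}


def parse_time(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def build_authn_request(cfg: dict, now: datetime) -> tuple:
    """Return (request_id, xml). The SP stores request_id to match InResponseTo later."""
    rid = "_" + secrets.token_hex(16)
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{rid}" Version="2.0" '
           f'IssueInstant="{now:%Y-%m-%dT%H:%M:%SZ}" Destination="{cfg["idp_sso_url"]}" '
           f'AssertionConsumerServiceURL="{cfg["acs_url"]}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{cfg["entity_id"]}</saml:Issuer></samlp:AuthnRequest>')
    return rid, xml


def redirect_binding_url(cfg: dict, request_xml: str, relay_state: str = "/") -> str:
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as the SAMLRequest parameter."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw deflate, no zlib header
    raw = comp.compress(request_xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(raw).decode(), "RelayState": relay_state}
    return cfg["idp_sso_url"] + "?" + urlencode(params)


def decode_redirect_request(url: str) -> str:
    """What the IdP does on receipt: the inverse of redirect_binding_url."""
    query = parse_qs(urlparse(url).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()


def validate_response(cfg: dict, response_xml: str, expected_rid: str, now: datetime,
                      signature_ok: bool, seen_assertion_ids: set) -> str:
    """Return the authenticated NameID or raise ValueError. Each check blocks a real attack:
    unsigned or replayed assertions, assertions meant for another SP, unsolicited responses."""
    if not signature_ok:
        raise ValueError("signature did not verify")
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("InResponseTo") != expected_rid:
        raise ValueError("InResponseTo does not match an outstanding request")
    if root.get("Destination") != cfg["acs_url"]:
        raise ValueError("Response was addressed to a different ACS URL")
    if root.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SUCCESS:
        raise ValueError("IdP reported a non-success status")
    a = root.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != cfg["idp_entity_id"]:
        raise ValueError("missing assertion or unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    if not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    if cfg["entity_id"] not in [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("this SP is not an intended audience")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != cfg["acs_url"] or scd.get("InResponseTo") != expected_rid:
        raise ValueError("subject confirmation does not bind the assertion to this request")
    if a.get("ID") in seen_assertion_ids:  # bearer assertions are one-time use
        raise ValueError("assertion replayed")
    seen_assertion_ids.add(a.get("ID"))
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)


def sample_response(request_id: str) -> str:
    """Constructed IdP Response answering request_id (the ds:Signature element is omitted)."""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0" '
            f'IssueInstant="2024-05-01T12:00:00Z" InResponseTo="{request_id}" '
            f'Destination="https://sp.example.com/saml/acs">'
            f'<saml:Issuer>https://idp.example.com/metadata</saml:Issuer>'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
            f'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">'
            f'<saml:Issuer>https://idp.example.com/metadata</saml:Issuer>'
            f'<saml:Subject><saml:NameID>alice@example.com</saml:NameID>'
            f'<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
            f'<saml:SubjectConfirmationData InResponseTo="{request_id}" '
            f'Recipient="https://sp.example.com/saml/acs" NotOnOrAfter="2024-05-01T12:05:00Z"/>'
            f'</saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">'
            f'<saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AuthnStatement AuthnInstant="2024-05-01T11:59:50Z"><saml:AuthnContext>'
            f'<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>'
            f'</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>')
```

In a real SP the `seen_assertion_ids` set must live in shared storage with an expiry no shorter than the longest assertion lifetime, and the outstanding request IDs must be stored the same way; an in-memory set is enough to show the logic but not to survive a restart or a second application instance.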
SAML and OAuth
OAuth is another widely used standard built on similar ideas, but it solves a different problem: it is an authorization framework (OAuth 2.0 is an IETF standard) for letting an application act on a user's behalf with limited, delegated access to an API, rather than a way of asserting who the user is; login on top of OAuth is provided by OpenID Connect. Service providers aimed at general consumers are more likely to use OAuth and OpenID Connect because the large consumer platforms (Google, Facebook, Twitter and others) expose them, so users' existing accounts can be reused easily. SAML, with its signed XML assertions, metadata-driven trust and richer attribute model, remains the usual choice for enterprises that want to build secure SSO systems for their workforce, and many identity providers support both.
Learn More
Discover more about how you can use SAML in your organization. It can be a very powerful tool for managing security and authentication requirements. It is most effective when you have the backing of an experienced identity solutions provider.