Security Assertion Markup Language: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 22:03, 15 January 2025 edit Tule-hog (talk \| contribs) Extended confirmed users 6,834 edits Undid revision 1269686836 by 200.68.183.131 (talk) - rv unconstructive edit Tag: Undo ← Previous edit		Latest revision as of 18:06, 19 April 2025 edit undo LeftyJohnson (talk \| contribs) 6 edits m correct citation
(One intermediate revision by the same user not shown)
Line 14: At the heart of the SAML assertion is a subject (a principal within the context of a particular security ___domain) about which something is being asserted. The subject is usually (but not necessarily) a human. As in the SAML 2.0 Technical Overview,<ref name="SAMLTechOverview20">N. Ragouzis et al. ''Security Assertion Markup Language (SAML) 2.0 Technical Overview.'' OASIS Committee Draft 02, March 2008. Document identifier: sstc-saml-tech-overview-2.0-cd-02 https://wiki.oasis-open.org/security/Saml2TechOverview</ref> the terms subject and principal are used interchangeably in this document. Before delivering the subject-based assertion from ~~IdP~~Identity Provider to the SPService Provider, the ~~IdP~~Identity Provider may request some information from the ~~principal—such~~principal (such as a user name and ~~password—in~~password) in order to authenticate the principal. SAML specifies the content of the assertion that is passed from the ~~IdP~~Identity Provider to the SPService Provider. In SAML, one ~~identity~~Identity ~~provider~~Provider may provide SAML assertions to many ~~service~~Service ~~providers~~Providers. Similarly, one Service Provider (SP) may rely on and trust assertions from many independent ~~IdPs~~Identity Providers (IdP).<ref>{{~~Citation~~cite web ~~needed~~\|last1=Guevara \|first1=Holly \|title=How SAML Authentication Works \|url=https://auth0.com/blog/how-saml-authentication-works/ \|website=auth0.com \|publisher=auth0 \|access-date=~~September~~19 April ~~2023~~2025}}</ref> SAML does not specify the method of authentication at the identity provider. The IdP may use a username and password, or some other form of authentication, including [[multi-factor authentication]]. A directory service such as [[RADIUS]], [[Lightweight Directory Access Protocol\|LDAP]], or [[Active Directory]] that allows users to log in with a user name and password is a typical source of authentication tokens at an identity provider.<ref name="92xv0">{{cite web\|url=http://www.informationweek.com/software/information-management/saml-the-secret-to-centralized-identity-management/d/d-id/1028656? \| title=SAML: The Secret to Centralized Identity Management \|publisher=InformationWeek.com \|date=2004-11-23 \|access-date=2014-05-23}}</ref> The popular Internet social networking services also provide identity services that in theory could be used to support SAML exchanges.