LeftyJohnson (talk | contribs) m Edit for clarity and add citation
LeftyJohnson (talk | contribs) m correct citation
At the heart of the SAML assertion is a subject (a principal within the context of a particular security domain) about which something is being asserted. The subject is usually (but not necessarily) a human. As in the SAML 2.0 Technical Overview,<ref name="SAMLTechOverview20">N. Ragouzis et al. ''Security Assertion Markup Language (SAML) 2.0 Technical Overview.'' OASIS Committee Draft 02, March 2008. Document identifier: sstc-saml-tech-overview-2.0-cd-02 https://wiki.oasis-open.org/security/Saml2TechOverview</ref> the terms subject and principal are used interchangeably in this document.
Before delivering the subject-based assertion from the Identity Provider (IdP) to the Service Provider (SP), the Identity Provider may request some information from the principal (such as a user name and password) in order to authenticate the principal. SAML specifies the content of the assertion that is passed from the Identity Provider to the Service Provider, not how the Identity Provider established it. In SAML, one Identity Provider may provide SAML assertions to many Service Providers. Similarly, one Service Provider may rely on and trust assertions from many independent Identity Providers, so the Service Provider must check that each assertion it receives was issued by an Identity Provider it trusts and was addressed to it.<ref>{{
SAML does not specify the method of authentication at the identity provider. The IdP may use a username and password, or some other form of authentication, including [[multi-factor authentication]]; the method actually used is reported to the service provider in the authentication context carried by the assertion's authentication statement. An authentication backend such as [[RADIUS]], or a directory service such as [[Lightweight Directory Access Protocol|LDAP]] or [[Active Directory]], that allows users to log in with a user name and password is a typical source of authentication at an identity provider.<ref name="92xv0">{{cite web|url=http://www.informationweek.com/software/information-management/saml-the-secret-to-centralized-identity-management/d/d-id/1028656? | title=SAML: The Secret to Centralized Identity Management |publisher=InformationWeek.com |date=2004-11-23 |access-date=2014-05-23}}</ref> The popular Internet social networking services also provide identity services that could in principle be used to support SAML exchanges.
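The following Python script is an added worked example, not code from the article or from any SAML implementation. It shows the two points above from the Service Provider's side: an assertion carries a Subject, an Issuer and an authentication context, and an SP that trusts several independent IdPs must check the Issuer against its trust list, the Audience against its own entity ID, and the validity window before acting on the subject. The assertion, the entity IDs and the trust list are constructed for the example; in a real deployment the SP must also verify the IdP's XML Signature (with the key from the IdP's metadata) before any of these fields can be believed, which this example deliberately leaves out.

```python
"""SP-side sanity checks on a SAML 2.0 assertion (added example; all data constructed)."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed, unsigned sample assertion: hypothetical IdP, SP and subject.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""

# Hypothetical trust list: one SP relying on two independent IdPs.
TRUSTED_IDPS = {"https://idp.example.org/metadata", "https://idp2.example.net/metadata"}
SP_ENTITY_ID = "https://sp.example.com/metadata"


def _saml_time(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z (fractional seconds allowed)."""
    if value.endswith("Z"):
        value = value[:-1]
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_idps, sp_entity_id, now):
    """Return (True, info_dict) if the assertion may be acted on, else (False, reason).

    NOTE: signature verification is intentionally omitted here; a real SP must
    verify the XML Signature against the issuing IdP's published key first.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS:
        return False, "not a SAML 2.0 Assertion element"

    # 1. The issuer must be one of the IdPs this SP has chosen to trust.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_idps:
        return False, "untrusted issuer: %s" % issuer

    # 2. The assertion must be inside its validity window (NotOnOrAfter is exclusive).
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    not_before = _saml_time(cond.get("NotBefore"))
    not_on_or_after = _saml_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        return False, "assertion outside validity window"

    # 3. The assertion must be addressed to this SP, not to some other relying party.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, "assertion not addressed to this SP"

    # 4. Extract what the SP actually acts on: who the subject is and how the IdP
    #    authenticated them (SAML does not fix the method; the IdP reports it here).
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    authn_context = root.findtext(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    return True, {"issuer": issuer, "subject": subject, "authn_context": authn_context}


if __name__ == "__main__":
    when = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(validate_assertion(SAMPLE_ASSERTION, TRUSTED_IDPS, SP_ENTITY_ID, when))
```

Running the script accepts the sample assertion and reports the subject and the PasswordProtectedTransport authentication context; changing the trust list, the SP entity ID, or the clock makes the same assertion fail the corresponding check, which is the behaviour an SP trusting many IdPs depends on.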