March 11, 2019

How does SAML work?

The basic concept is that organizations already know the identity of their users through Active Domain, so why not piggyback on that identity when logging into web-based applications? Security Assertion Markup Language (SAML) gives a clean approach to doing just that.

Reading: Overview of SAML.

SAML Single Sign On (SSO) transfers a user's identity from an identity provider to an application service. The transfer occurs through an exchange of digitally signed XML documents. The process is:

  1. user makes a request to the application service
  2. application identifies the user's origin and redirects to the identity provider (authentication request)
  3. identity provider either uses an active browser session or prompts the user to log in, establishing a new session
  4. identity provider builds an XML document containing the username and/or email, signs the document using its X.509 certificate, and then POSTs the document back to the application
  5. application validates the XML document's signature against the identity provider's certificate fingerprint and reads the username and/or email from it
  6. user gains an authenticated session with the application service
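
The application-side checks of step 5, as an added Python example that is not part of the original post: it parses a constructed SAML Response for `app.example.com` issued by `idp.example.com`, compares the embedded certificate's fingerprint with the one configured as trusted, and checks issuer, audience and validity window before returning the NameID. The certificate bytes, hostnames and timestamps are constructed placeholders.

```python
# Service-provider-side checks on a SAML Response (constructed example). The cert
# bytes below are a placeholder, not real X.509 DER, so only the fingerprint match
# is shown; the XML-DSig signature itself still needs an XML signature library.
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
IDP_CERT_DER = b"constructed-idp-certificate-bytes"  # stand-in, not real DER
TRUSTED_FINGERPRINT = hashlib.sha256(IDP_CERT_DER).hexdigest()

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2019-03-11T10:00:00Z" NotOnOrAfter="2019-03-11T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://app.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(IDP_CERT_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""

def saml_time(ts):  # SAML timestamps are UTC; fromisoformat() rejects "Z" before 3.11
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def validate_response(xml_text, expected_issuer, expected_audience, trusted_fingerprint, now):
    """Return the asserted NameID, or raise ValueError if any check fails."""
    root = ET.fromstring(xml_text)  # production code: use a hardened parser such as defusedxml
    cert_el = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert_el is None:
        raise ValueError("response is unsigned")
    fingerprint = hashlib.sha256(base64.b64decode(cert_el.text.strip())).hexdigest()
    if fingerprint != trusted_fingerprint:
        raise ValueError("signing certificate is not the trusted identity provider certificate")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    if cond is None or not (saml_time(cond.get("NotBefore")) <= now < saml_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion missing Conditions or outside its validity window")
    audience = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected_audience:
        raise ValueError(f"assertion is for another audience {audience!r}")
    return root.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
```

A response signed with any other certificate, presented outside its five-minute window, or addressed to a different audience is rejected before the username is ever read.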

Content by © Jared Davis 2019-2020
