
SAML

SAML is an acronym that stands for “Security Assertion Markup Language.” The primary function of SAML 2.0 is to give organizations a standardized mechanism and format for single sign-on (SSO) across organizational boundaries, reducing the cost of user administration because each user has one identity that works across applications and organizations. As the industry standard for exchanging security data between security domains, SAML is the protocol of choice among government agencies, major corporations, and service providers.


SAML is an XML-based protocol, which gives it extensive flexibility. It enables single sign-on (SSO) for cloud and corporate applications and provides a way to grant users and employees secure access to applications both inside and outside the company firewall.


Internet SSO (or cloud single sign-on) is, at its simplest, a secure channel over which identity information passes. It streamlines access for users while cutting costs and maintaining security for administrators. Instead of requiring employees and other users to remember (and lose) dozens of passwords, one common option is to use SAML to extend an enterprise’s Active Directory identities to the cloud.


By using software security tokens containing SAML assertions, SAML 2.0 passes information about a principal between a web service and an Identity Provider (IdP). That is, the principal (usually the end user) sends a request, and a SAML assertion passes from the IdP (which produces the assertion) to a service provider application (which consumes it). It should be noted that SAML assertions are not always security tokens. What turns a SAML assertion into a token is the SubjectConfirmation construct inside it, and that construct is open to any token type, proof mechanism, trust model, and so on. Because there are no passwords associated with EmpowerID’s SAML assertions, the security risks created by stolen passwords or attacks from hackers are all but eliminated.
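As an added illustration (not EmpowerID’s code or the page’s own), the following Python sketch shows the consuming side of that exchange: an assertion as an IdP would produce it, and the checks a service provider applies to the SubjectConfirmation and Conditions before treating the assertion as a token for the named principal. The assertion, issuer, endpoint URLs and request ID are constructed placeholders, and XML signature verification is assumed to have been done by the caller beforehand.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Constructed, unsigned sample (every name is a placeholder): the IdP asserts "alice" to one SP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_hyp-assertion-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
          Recipient="https://sp.example.com/acs" InResponseTo="_hyp-req-7"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):  # assertion timestamps are UTC, e.g. 2024-01-01T12:05:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def consume_assertion(xml, *, trusted_issuer, acs_url, audience, request_id, now):
    """SP-side checks on a bearer assertion: returns the confirmed NameID or raises ValueError.
    `now` is a UTC timestamp string; the caller is assumed to have verified the XML signature first."""
    a = ET.fromstring(xml)
    if a.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        raise ValueError("assertion not from the trusted IdP")
    cond = a.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= _ts(now) < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if audience not in [e.text for e in a.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not addressed to this SP")
    # SubjectConfirmation is what makes the assertion a usable token: a bearer confirmation
    # must be bound to this SP's endpoint, to the request it answers, and to a short lifetime.
    for sc in a.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None:
            continue
        if (data.get("Recipient") != acs_url or data.get("InResponseTo") != request_id
                or _ts(now) >= _ts(data.get("NotOnOrAfter"))):
            continue
        return a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    raise ValueError("no acceptable bearer SubjectConfirmation")
```

Each rejected case corresponds to an assertion that is genuine but not meant for this SP, this request, or this moment, which is why the SubjectConfirmation checks matter as much as the signature.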