ゆるテックノート

SAML Specs and Structure

SAML (Security Assertion Markup Language) is standardized by OASIS, and SAML 2.0, approved in 2005, is the version in practical use today. Here is a quick breakdown of the pieces that make SAML work.

📜 SAML Specifications and Versions

SAML 2.0 is the common choice. Its documents define the XML structure of assertions and protocol messages, the bindings that carry those messages over HTTP, and the metadata format used to exchange configuration between parties.

Key Points

  • SAML 2.0 is the version to target; it is not backward compatible with SAML 1.1 (different namespaces and message formats).
  • The specification is split into documents by concern: Core (assertions and protocols), Bindings, Profiles (such as Web Browser SSO), Metadata, Conformance, and Security and Privacy Considerations.
  • The HTTP-Redirect and HTTP-POST bindings are the common transports: Redirect is typically used for the AuthnRequest, POST for the Response that carries the assertion.
  • Metadata shares IdP/SP endpoints and certificates in XML.

🧩 A Closer Look at Each Part

The SAML 2.0 specs are made of multiple parts. Here is a simple breakdown of what each covers.

Version

  • 📌 SAML 2.0 is mainstream; do not mix with 1.1. Every message carries Version="2.0", and an SP should reject anything else.
  • 📌 IdP and SP must agree on the same version.

Assertion

  • 📝 The core XML that states who authenticated, when, and how.
  • 📝 Includes Conditions (NotBefore/NotOnOrAfter) and an AudienceRestriction that the SP must verify, after it has verified the XML signature over the assertion (or the enclosing Response).
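As an added example (not from the original post), here is a minimal Python check of the Conditions an SP must enforce on a received assertion. The assertion below is constructed for the example and its ds:Signature element is omitted; in a real SP the XML signature is verified first, and only then are these checks run. The IdP issuer and SP entityID URLs and the 60-second clock-skew tolerance are assumed values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion for this example (not from a real IdP).
# The ds:Signature element is left out; a real SP verifies it before
# looking at anything below. Use defusedxml instead of xml.etree when
# parsing untrusted XML in production.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_3f1c9e2a" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T11:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""


def parse_instant(value):
    """Parse an xs:dateTime as used in SAML (UTC, trailing 'Z')."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def validate_conditions(xml_text, expected_issuer, expected_audience, now,
                        clock_skew=timedelta(seconds=60)):
    """Return (ok, reasons) for the checks an SP performs after the signature
    has been verified: Version, Issuer, the NotBefore/NotOnOrAfter window
    (NotBefore inclusive, NotOnOrAfter exclusive, with a small allowed clock
    skew), AudienceRestriction, and a present Subject/NameID."""
    reasons = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
        return False, ["root element is not saml:Assertion"]
    if root.get("Version") != "2.0":
        reasons.append("unsupported Version %r" % root.get("Version"))
    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer != expected_issuer:
        reasons.append("unexpected Issuer %r" % issuer)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        reasons.append("missing Conditions")
    else:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now + clock_skew < parse_instant(not_before):
            reasons.append("not yet valid (NotBefore)")
        if not_on_or_after and now - clock_skew >= parse_instant(not_on_or_after):
            reasons.append("expired (NotOnOrAfter)")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
        if not audiences:
            reasons.append("missing AudienceRestriction")
        elif expected_audience not in audiences:
            reasons.append("Audience %r does not include this SP" % audiences)
    if root.find("saml:Subject/saml:NameID", SAML_NS) is None:
        reasons.append("missing Subject/NameID")
    return not reasons, reasons


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)
    print(validate_conditions(SAMPLE_ASSERTION, "https://idp.example.com/metadata",
                              "https://sp.example.com/metadata", now))
```

The Audience check is the one most often skipped in home-grown SPs: without it, an assertion issued for a different SP at the same IdP can be replayed against yours. The expected issuer and audience should come from configuration (the IdP's entityID from its metadata and your own entityID), never from the assertion itself.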

Protocol

  • 📡 Defines the format and flow of Request/Response.
  • 📡 AuthnRequest, Response, and LogoutRequest/LogoutResponse elements and their attributes are specified here, along with the Status codes a response can carry.

Binding

  • 🚚 Rules for transporting messages: HTTP-Redirect, HTTP-POST, Artifact, etc.
  • 🚚 Specifies how signatures travel with each binding (Signature and SigAlg query parameters for HTTP-Redirect, an XML Signature inside the message for HTTP-POST) and the encoding used: DEFLATE, then base64 and URL-encoding for HTTP-Redirect; base64 in a form field for HTTP-POST.
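Added example, not from the original post: the HTTP-Redirect encoding in Python (raw DEFLATE, base64, URL-encode) applied to an AuthnRequest of the kind described in the Protocol section, the inverse a receiver performs, and the exact string the Redirect-binding signature covers. The AuthnRequest, the URLs and the `sign` callback are assumed for the example; a real SP passes an RSA signing function (for example from the `cryptography` library) and the IdP verifies with the certificate published in the SP's metadata.

```python
import base64
import zlib
from urllib.parse import urlencode, urlparse, unquote_plus

# Constructed AuthnRequest for this example (not captured from a real SP).
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_7d2b0c4e" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
    Destination="https://idp.example.com/sso/redirect"
    AssertionConsumerServiceURL="https://sp.example.com/acs"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://sp.example.com/metadata</saml:Issuer>
</samlp:AuthnRequest>"""

RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
MAX_INFLATED = 1 << 20  # cap on inflated size: Redirect messages are small, bombs are not


def deflate_b64(xml_text):
    """Redirect binding encoding: raw DEFLATE (wbits=-15, no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def inflate_b64(value):
    """Inverse of deflate_b64 with a size cap against decompression bombs."""
    dec = zlib.decompressobj(-15)
    out = dec.decompress(base64.b64decode(value), MAX_INFLATED)
    if dec.unconsumed_tail or not dec.eof:
        raise ValueError("inflated message exceeds %d bytes" % MAX_INFLATED)
    return out.decode("utf-8")


def build_redirect_url(sso_url, xml_text, relay_state=None, sig_alg=None, sign=None):
    """Build the redirect URL. With sig_alg and a sign(bytes) -> bytes callback the
    Signature parameter is added; the binding signs the URL-encoded query in the
    fixed order SAMLRequest, RelayState (if present), SigAlg. Returns (url, signed_data)."""
    params = [("SAMLRequest", deflate_b64(xml_text))]
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    signed_data = None
    if sig_alg is not None:
        params.append(("SigAlg", sig_alg))
        signed_data = urlencode(params)
        params.append(("Signature", base64.b64encode(sign(signed_data.encode("ascii"))).decode("ascii")))
    return sso_url + "?" + urlencode(params), signed_data


def signed_data_from_query(query):
    """Receiver side: rebuild the signed string from the raw query string. Values
    must be taken exactly as transmitted (still URL-encoded), not re-encoded after
    parsing, or the signature check fails on harmless encoding differences."""
    raw = dict(part.split("=", 1) for part in query.split("&") if "=" in part)
    return "&".join("%s=%s" % (k, raw[k]) for k in ("SAMLRequest", "RelayState", "SigAlg") if k in raw)


def parse_redirect_url(url):
    """Decode what a receiver needs: the XML, RelayState, SigAlg, the signature
    bytes, and the exact data the signature was computed over."""
    query = urlparse(url).query
    raw = dict(part.split("=", 1) for part in query.split("&") if "=" in part)
    return {
        "xml": inflate_b64(unquote_plus(raw["SAMLRequest"])),
        "relay_state": unquote_plus(raw["RelayState"]) if "RelayState" in raw else None,
        "sig_alg": unquote_plus(raw["SigAlg"]) if "SigAlg" in raw else None,
        "signature": base64.b64decode(unquote_plus(raw["Signature"])) if "Signature" in raw else None,
        "signed_data": signed_data_from_query(query) if "Signature" in raw else None,
    }
```

Two points matter in practice: the IdP must verify the Signature over `signed_data` using a key from SP metadata and must reject a SigAlg it does not expect, and the receiver must cap the inflated size, since DEFLATE lets a few kilobytes of query string expand to a very large document.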

Metadata

  • 📂 XML format for exchanging IdP/SP endpoints, certificates, and entity IDs.
  • 📂 Used to import partner settings automatically and cut configuration mistakes; the metadata itself must come from a trusted source (signed, or fetched over TLS from a known URL), since it carries the certificates everything else is verified against.
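As an added example (not from the original post), this Python snippet pulls the settings an SP takes from IdP metadata: the entityID, the SingleSignOnService and SingleLogoutService endpoint per binding, and the certificates grouped by their `use`. The metadata document is constructed for the example and its X509Certificate values are placeholders, not real certificates.

```python
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed IdP metadata for this example. The X509Certificate values are
# placeholders, not real certificates.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-SIGNING-CERT-BASE64</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-ENCRYPTION-CERT-BASE64</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/slo/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract what an SP configures from IdP metadata. Certificates are grouped
    by the KeyDescriptor 'use' attribute; a KeyDescriptor without 'use' is valid
    for both signing and encryption, so it is listed under both."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("not an md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = {"signing": [], "encryption": []}
    for kd in idp.findall("md:KeyDescriptor", MD_NS):
        use = kd.get("use")
        uses = [use] if use in certs else list(certs)
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", MD_NS):
            cert_b64 = "".join(cert.text.split())  # drop line breaks inside the base64
            for u in uses:
                certs[u].append(cert_b64)
    return {
        "entity_id": root.get("entityID"),
        "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned") in ("true", "1"),
        "sso": {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", MD_NS)},
        "slo": {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleLogoutService", MD_NS)},
        "certs": certs,
    }


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(meta["entity_id"], meta["sso"][HTTP_REDIRECT], len(meta["certs"]["signing"]))
```

The `entity_id` is what a Response's Issuer must match, and `certs["signing"]` is the only set of keys a Response signature should be verified against; a certificate carried inside the Response's own KeyInfo proves nothing, because the sender chose it.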