What is SAML?
SAML (Security Assertion Markup Language) is an XML-based protocol that enables single sign-on (SSO) between systems. This document provides a casual overview of how SAML works, including its structure and communication flow.
Overview of SAML
SAML enables secure login between systems by exchanging authentication data called assertions.
Key Components
- IdP (Identity Provider): Handles the actual login and authenticates the user.
- SP (Service Provider): The web service or app the user wants to access.
- Assertion: An XML document that conveys the authentication result from the IdP.
SAML Communication Flow
SAML messages travel through the user's browser between the SP and the IdP, as SAMLRequest and SAMLResponse messages.
Main Steps
- User accesses the SP (e.g., an internal portal).
- SP generates a SAMLRequest and redirects the user to the IdP.
- User logs in to the IdP.
- IdP generates a SAMLResponse and sends it back to the SP via the browser.
- SP verifies the SAMLResponse and logs the user in.
SAMLRequest and SAMLResponse
Both SAMLRequest and SAMLResponse are encoded XML messages exchanged via the browser.
Format Overview
- SAMLRequest: Sent from the SP to the IdP, via either the HTTP-Redirect or the HTTP-POST binding.
- SAMLResponse: Sent from the IdP to the SP, usually signed so the SP can verify that it came from the IdP and was not modified in transit.
- Both are Base64-encoded XML strings.
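As an added example (not code from the original page), the Python below round-trips a SAMLResponse through the encodings used by the two bindings (the Redirect binding DEFLATE-compresses the XML before Base64) and then runs the checks an SP performs on the decoded response after its XML signature has been verified: Destination, InResponseTo, status, a single Assertion, Audience and the validity window. The sample response, URLs and IDs are constructed placeholders; signature verification itself needs an XML-DSig library and is not shown.

```python
import base64, zlib, xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def encode_saml(xml_text, binding):
    """POST binding: plain Base64. Redirect binding: raw DEFLATE (no zlib header) first, then Base64."""
    data = xml_text.encode()
    if binding == "redirect":
        comp = zlib.compressobj(wbits=-15)  # negative wbits selects a raw DEFLATE stream
        data = comp.compress(data) + comp.flush()
    return base64.b64encode(data).decode()

def decode_saml(b64, binding):
    """Inverse of encode_saml: what the receiver does with the SAMLRequest/SAMLResponse parameter."""
    data = base64.b64decode(b64)
    return (zlib.decompress(data, -15) if binding == "redirect" else data).decode()

def _t(s):  # SAML timestamps are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, acs_url, audience, request_id, now_utc):
    """SP-side checks on a decoded SAMLResponse, to run AFTER signature verification. Returns failures ([] = pass)."""
    root, now, problems = ET.fromstring(xml_text), _t(now_utc), []
    if root.get("Destination") != acs_url:
        problems.append("Destination is not this SP's ACS URL")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match an outstanding SAMLRequest")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append("expected exactly one Assertion")
    for a in assertions:
        cond = a.find("saml:Conditions", NS)
        if cond is None or not (_t(cond.get("NotBefore")) <= now < _t(cond.get("NotOnOrAfter"))):
            problems.append("Assertion is outside its NotBefore/NotOnOrAfter window")
        if a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS) != audience:
            problems.append("Audience is not this SP")
    return problems

# Constructed, unsigned sample SAMLResponse; the URLs and IDs are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_resp1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z" Destination="https://sp.example.com/acs" InResponseTo="_req1">
 <saml:Issuer>https://idp.example.com</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"><saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
```

Calling `check_response(decode_saml(encode_saml(SAMPLE_RESPONSE, "post"), "post"), "https://sp.example.com/acs", "https://sp.example.com", "_req1", "2024-01-01T12:00:30Z")` returns an empty list; changing the time to after NotOnOrAfter, or the ACS URL, audience or request ID, returns the corresponding failure messages.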
Where SAML is Used
Common Use Cases
- Single sign-on between internal systems and cloud apps.
- Connecting Google Workspace or Microsoft 365 to external tools.
- Sharing login sessions across multiple services.