SAML Specs and Structure
SAML is standardized by OASIS, and SAML 2.0 is the mainstream version. Here is a quick breakdown of the pieces that make SAML work.
SAML Specifications and Versions
SAML 2.0 is the common choice. It defines message structure, transport methods, and how metadata should be written.
Key Points
- SAML 2.0 is the standard; 1.1 is not compatible.
- Specs are split by role: Assertion, Protocol, Binding, Metadata, etc.
- Bindings like HTTP-Redirect and HTTP-POST are the common transport methods.
- Metadata shares IdP/SP endpoints and certificates in XML.
A Closer Look at Each Part
The SAML 2.0 specs are made of multiple parts. Here is a simple breakdown of what each covers.
Version
- SAML 2.0 is mainstream; do not mix with 1.1.
- IdP and SP must agree on the same version.
Assertion
- The core XML that states who authenticated, when, and how.
- Includes conditions (NotBefore/NotOnOrAfter) and Audience that the SP must verify.
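As an added example (not part of the original page), the following Python code shows what "the SP must verify" looks like for the Conditions element: it parses a constructed SAML 2.0 assertion, checks NotBefore/NotOnOrAfter against the current time with a small clock-skew allowance, and confirms that the SP's own entity ID appears in AudienceRestriction. The issuer, audience and timestamps are invented sample values; the function names are my own. This check complements, and must follow, XML signature verification, which is outside the scope of this snippet.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (no real IdP issued this); only Conditions
# matter for the check below.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:00:00Z"/>
</saml:Assertion>
"""


def parse_saml_time(value):
    """SAML timestamps are xsd:dateTime in UTC; accept the trailing 'Z' form."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def check_conditions(assertion_xml, expected_audience, now, skew=timedelta(seconds=60)):
    """Return (ok, reason) for the Conditions element of a SAML 2.0 assertion.

    `now` must be a timezone-aware datetime. `skew` tolerates small clock
    differences between IdP and SP; keep it short.
    """
    root = ET.fromstring(assertion_xml)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        return False, "not a SAML 2.0 Assertion"

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"

    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # NotBefore is inclusive: reject while now (plus skew) is still before it.
    if not_before and now + skew < parse_saml_time(not_before):
        return False, "assertion not yet valid"
    # NotOnOrAfter is exclusive: reject once now (minus skew) reaches it.
    if not_on_or_after and now - skew >= parse_saml_time(not_on_or_after):
        return False, "assertion expired"

    audiences = [
        a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    if not audiences:
        return False, "missing AudienceRestriction"
    if expected_audience not in audiences:
        return False, "audience mismatch"
    return True, "ok"


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 2, tzinfo=timezone.utc)
    print(check_conditions(SAMPLE_ASSERTION, "https://sp.example.com/metadata", now))
```

An assertion missing AudienceRestriction is rejected outright here rather than accepted by default; a lenient SP would otherwise accept an assertion that was issued for a different service.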
Protocol
- Defines the format and flow of Request/Response.
- AuthnRequest and LogoutRequest/Response elements and attributes are specified here.
Binding
- Rules for transporting messages: HTTP-Redirect, HTTP-POST, Artifact, etc.
- Covers signatures and compression (e.g., Deflate for Redirect).
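To make the binding difference concrete, here is an added Python example (my own code, not from the page or the SAML specification) that encodes a constructed AuthnRequest the way the HTTP-Redirect binding does (raw DEFLATE, then base64, then URL-encoding into a SAMLRequest query parameter) next to the HTTP-POST binding (base64 only, carried in a form field). The decoder caps the inflated size so that a malformed or oversized message cannot exhaust memory on the receiving side. Endpoints and IDs are invented sample values.

```python
import base64
import urllib.parse
import zlib

# Constructed AuthnRequest; the endpoints below are sample values only.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_req-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z" '
    'Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL="https://sp.example.com/acs">'
    '<saml:Issuer>https://sp.example.com/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
)


def deflate_raw(data):
    """Raw DEFLATE (RFC 1951) as used by HTTP-Redirect: wbits=-15 means no zlib header."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def inflate_raw(data, max_len=1_000_000):
    """Inflate raw DEFLATE data, refusing output larger than max_len bytes."""
    d = zlib.decompressobj(-15)
    out = d.decompress(data, max_len)
    if d.unconsumed_tail or not d.eof:
        raise ValueError("decompressed message is incomplete or exceeds size limit")
    return out


def encode_redirect(xml, relay_state=None):
    """Build the query string for the HTTP-Redirect binding."""
    b64 = base64.b64encode(deflate_raw(xml.encode("utf-8"))).decode("ascii")
    params = {"SAMLRequest": b64}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return urllib.parse.urlencode(params)


def decode_redirect(query):
    """Recover the XML message from an HTTP-Redirect query string."""
    params = urllib.parse.parse_qs(query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    return inflate_raw(raw).decode("utf-8")


def encode_post(xml):
    """HTTP-POST binding: base64 only, no DEFLATE; the value goes in a hidden form field."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def decode_post(value):
    return base64.b64decode(value).decode("utf-8")


if __name__ == "__main__":
    query = encode_redirect(AUTHN_REQUEST, relay_state="/after-login")
    print("https://idp.example.com/sso?" + query)
    assert decode_redirect(query) == AUTHN_REQUEST
```

Signing is handled differently by the two bindings as well: HTTP-Redirect signs the query string (with separate SigAlg and Signature parameters) because the compressed message has no room for an enveloped signature, while HTTP-POST carries an XML signature inside the message itself. That step is not shown here.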
Metadata
- XML format for exchanging IdP/SP endpoints, certificates, and entity IDs.
- Used for auto-importing settings and reducing configuration mistakes.