Understanding SAML

22 Dec 2022 · 2 min read · 🇬🇧

SAML is an acronym for the Security Assertion Markup Language. Its primary role in online security is to let you access multiple web applications with one set of login credentials. It works by passing authentication information in a defined format between two parties, usually an identity provider (IdP) and a web application acting as the service provider (SP).

SAML itself is only a language; it defines the roles of IdP and SP. The most important role of SAML is single sign-on (SSO), where the user signs in once and gains access to more than one service provider across security domains. Below is an example use case:

[Figure: Example use case, how it works (ref: SAML authentication with Azure Active Directory)]

SAML is based on XML and is used to transfer identity data between the two parties, from the identity provider to the service provider. Authentication takes place at the identity provider; the resulting SAML response is then sent to the service provider, which logs the user in.

Here’s an example of a SAML request:

[Figure: Example of SAML request]

and this is for the response:

[Figure: Example of SAML response]

The conclusion is that SAML is only a language based on XML, while SAML authentication is a method that uses SAML to perform the authentication. The most important role of SAML authentication is to provide SSO (Single Sign-On), even though there are alternatives for SSO, such as OAuth, OIDC, or LDAP, each with different use cases.

I am personally learning SAML mostly from this video, which is very easy to understand. I'd very much recommend watching it.