What is SAML Authentication?

Posted September 6, 2019 | 3 min read

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between different systems. It is built on XML for sharing that data, and SAML is one way of implementing Single Sign-on (SSO). SSO is an authentication service that allows users to access multiple applications with a single set of credentials.

SAML Authentication makes use of the following elements:

  • SAML Assertion: An XML message that carries the user’s identity and other user attributes.
  • Identity Provider (IdP): The service that authenticates the user and issues the SAML Assertion.
  • Service Provider (SP): The protected resource that the user wants to access.

SAML Authentication Workflow:

Observe the image below, which shows the workflow of SAML Auth.

[Image: SAML Workflow]

Step 1: The user tries to access a private resource on the SP.

Step 2: The SP generates a SAML Request.

Step 3: After generating the SAML Request, the SP redirects the user to the IdP.

Step 4: The IdP asks the user to authenticate with login details.

Step 5: The IdP validates the user and generates a SAML Response that contains the SAML Assertion required by the SP.

Step 6: The IdP redirects the user to the SP’s Assertion Consumer Service (ACS).

Step 7: The ACS validates the SAML Response and allows the user to access the protected resource.

Step 8: The user is now able to access resources from the SP.

Let’s see the SAML Auth workflow with the actual Request and Response:

We have an application, https://demo.com [Service Provider], which uses SAML Authentication, and we are using an OnLogin [Identity Provider] account to access it. OnLogin is an access management system that uses SSO to allow the user to access applications.

  • Observe in the image below that the user is signing into the demo.com [SP] application, which supports SAML Auth, using his ID.

[Image: SAML IdP]

  • As the application doesn’t know the user, it generates a SAML Request to be sent to the Identity Provider, i.e. OnLogin. You can see the highlighted parts in the image below.

[Image: SAML Request]

  • Now the IdP validates the SAML Request and asks the user to authenticate. Observe in the image below that the user has been taken to the login page.

[Image: SAML Response]

  • Observe in the image below that the user is entering his credentials at the IdP.

[Image: IdP]

  • Now the IdP validates the user and generates a SAML Response containing the XML message the Service Provider requires in order to grant the user access.

[Image: IdP Validation]

  • Observe in the image below that the SP gave access to its protected resource after validating the SAML Response.

[Image: IdP Response]

This is how the SAML Assertion, Service Provider and Identity Provider work together to complete SAML Authentication.
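As an added example (not code from the original post or from any IdP or SP product), here is the SP side of Step 2 and Step 7 above in Python: building the SAML Request (AuthnRequest) and the checks the ACS must apply to the SAML Response before trusting its Assertion. The SP entity ID https://demo.com is the one from the post; the IdP entity ID, SSO URL, ACS URL and user alice@demo.com are constructed, and the sample Response is built locally in place of the signed Response a real IdP returns.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # SAML timestamps are UTC; compared here as naive UTC datetimes

def parse_ts(s):
    return datetime.strptime(s, FMT)

def build_authn_request(sp_entity_id, idp_sso_url, acs_url, now):
    # Step 2: the SP builds the AuthnRequest and remembers its ID for the later InResponseTo check
    req_id = "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{req_id}" '
           f'Version="2.0" IssueInstant="{now.strftime(FMT)}" Destination="{idp_sso_url}" '
           f'AssertionConsumerServiceURL="{acs_url}"><saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    return req_id, xml

def sample_response(req_id, acs_url, idp, sp, nb, noa, name_id="alice@demo.com"):
    # Constructed stand-in for the Step 5 Response; a real one also carries the IdP's XML signature
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0" '
            f'Destination="{acs_url}" InResponseTo="{req_id}"><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/>'
            f'</samlp:Status><saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{idp}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotBefore="{nb.strftime(FMT)}" NotOnOrAfter="{noa.strftime(FMT)}">'
            f'<saml:AudienceRestriction><saml:Audience>{sp}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions></saml:Assertion></samlp:Response>')

def validate_response(xml_text, idp_entity_id, sp_entity_id, acs_url, request_id, now):
    # Step 7: ACS checks before trusting the Assertion; the IdP's XML signature must be verified first (omitted: xml.etree cannot)
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        raise ValueError("Destination is not our ACS URL")
    if root.get("InResponseTo") != request_id:
        raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
    if root.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    if len(assertions := root.findall("saml:Assertion", NS)) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        raise ValueError("Assertion issued by an unexpected IdP")
    cond = a.find("saml:Conditions", NS)
    if not parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("Assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != sp_entity_id:
        raise ValueError("Assertion not addressed to this SP")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

Each rejected case (wrong ACS URL, stale or replayed InResponseTo, unexpected Issuer, expired window, foreign Audience) corresponds to a Response that an SP must refuse even when the IdP signature is valid.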


Ayubali Beleri
