What is SAML Authentication?
Security Assertion Markup Language (SAML) is an open standard for authentication and authorization across the different systems. It is implemented with the XML standard for sharing data and SAML is a way of SSO implementation. Single Sign-on (SSO) is an authentication service that allows users to access multiple applications with the help of a single set of credentials.
SAML Authentication make use of below elements:
- SAML Assertion: It is an XML Message that carries the user’s identity and other user attributes
- Identity Provider (IdP): The service that issues SAML Assertion and authenticates the user.
- Service Provider (SP): The protected resource that the user wants to access.
SAML Authentication Workflow:
Observe the below image that shows the workflow of SAML Auth.
Step 1: User tries to access private resources from SP.
Step 2: SP generates SAML Request.
Step 3: After generating SAML Request SP redirects the user to IdP.
Step 4: IdP ask the user to authenticate with login details.
Step 5: IdP validates the user and generates SAML Response that contains the SAML Assertion required for SP.
Step 6: The IdP redirects the user to SP’s Assertion Consumer Service (ACS).
Step 7: ACS validates the user and allows the user to access the protected resource.
Step 8: Now users able to access resources from SP.
Let’s see SAML Auth workflow with Request and Response:
We have an application https://demo.com [Service Provider] which makes use of SAML Authentication and we are using OnLogin [Identity Provider] account to access the application. OnLogin is an access management system that uses SSO to allow the user to access applications.
- Observe in the below image that, user singing into com [SP] application that supports SAML Auth using his id.
- As the application doesn’t know the user so, it generates SAML Request to be sent to Identity Provider i.e. OnLogin. you can see highlighted parts in the below image.
- Now IdP validates SAML Request and asks the user to authenticate. Observe in the below image that, user navigated to the login page.
- Observe in the below image that, user feeding his credentials to IdP.
- Now IdP validates the user and generates SAML Response that contains XML message that required by the Service provider to provide access to the user.
- Observe in the below image that, SP gave access to his protected resource after validating SAML Response.
This is how SMAL Assertion, Service Provider and Identity Provider work together to complete SAML Authentication.