
SAML


Sstc-saml-tech-overview-2.0-draft-03.pdf. Home - OpenSAML 2.x - Confluence. Welcome to the OpenSAML website. OpenSAML is a set of open source C++ and Java libraries meant to support developers working with the Security Assertion Markup Language (SAML). OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0. Additionally, various development groups have found the framework created to support OpenSAML 2 useful for their own work; we are in the process of integrating their code supporting WS-Addressing, WS-Security, WS-Trust and XACML. Note that the OpenSAML libraries do not provide a complete SAML identity provider or service provider: message validation, session handling and trust configuration remain the deploying application's responsibility. Before starting you may wish to check the Frequently Asked Questions. Projects Using OpenSAML: the following projects are those that we know to be using OpenSAML. Thanks to: the following organizations have provided substantial resources to the development of OpenSAML over the years.

The Ohio State University, Georgetown University, Internet2, NSF Middleware Initiative, SWITCH, EGEE. OSTwoUserManual - OpenSAML 2.x - Confluence. Single sign on - Web SSO using Java and SAML 2.0. Blog Archive » (Draft) Technical Comparison: OpenID and SAML. Whitepaper: Technical Comparison: OpenID and SAML - Draft 07a. Abstract: This document presents a technical comparison of the OpenID Authentication protocol and the Security Assertion Markup Language (SAML) Web Browser SSO Profile and the SAML framework itself. Topics addressed include design centers, terminology, specification set contents and scope, user identifier treatment, web single sign-on profiles, trust, security, identity provider discovery mechanisms, key agreement approaches, as well as message formats and protocol bindings. An executive summary targeting various audiences, such as end-users, implementors, and deployers, is provided.

We do not attempt to assign relative value between OpenID and SAML, e.g. which is "better"; rather, the paper presents an objective technical comparison. This paper presents a technical comparison of the OpenID Authentication protocol and the Security Assertion Markup Language framework (SAML), and its Web Browser SSO Profile.

Saml-profiles-2.0-os.pdf. About SAML | SAML XML.org. The Security Assertion Markup Language (SAML) is an XML-based framework for communicating user authentication, entitlement, and attribute information.

It was developed and continues to be advanced by the Security Services Technical Committee of the open standards consortium, OASIS (Organization for the Advancement of Structured Information Standards). As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application.

Prior to SAML, there was no XML-based standard that enabled exchange of security information between a security system (such as an authentication authority) and an application that trusts the security system. SAML provides a standard XML representation for specifying this information and interoperable ways to exchange and obtain it. See also: SAML Introduction. SAML Wiki Knowledgebase | SAML XML.org. SAML Cook Book | SAML XML.org. Security Assertion Markup Language. The single most important requirement that SAML addresses is web browser single sign-on (SSO). Single sign-on is common at the intranet level (using cookies, for example) but extending it beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID protocol.)[2] How SAML works. The SAML specification defines three roles: the principal (typically a user), the identity provider (IdP), and the service provider (SP).

In the use case addressed by SAML, the principal requests a service from the service provider. The service provider in turn requests and obtains an identity assertion from the identity provider, and makes its access control decision on the basis of that assertion. Before delivering the identity assertion to the SP, the IdP may request some information from the principal, such as a user name and password, in order to authenticate the principal. History of SAML. While the Liberty Alliance was developing ID-FF, the SSTC began work on a minor upgrade to the SAML standard. Versions of SAML. XML Schema (XSD). SAML 2.0. Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is, an identity provider, and a SAML consumer, that is, a service provider. SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.[1] Some 30 individuals from more than two dozen companies and organizations were involved in the creation of SAML 2.0. In particular, and of special note, Liberty Alliance donated its Identity Federation Framework (ID-FF) specification to OASIS, which became the basis of the SAML 2.0 specification.
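The exchange described in the two passages above (the SP obtains an assertion about the principal from the IdP, and the SAML 2.0 Response carries that assertion as a security token) is shown below as an added worked example. It is not code from OpenSAML, OASIS or any of the pages listed here. The IdP entity ID, SP entity ID, ACS URL, request ID and clock values are constructed for the illustration, and the assertion is left unsigned: the example assumes XML-DSig verification of the Assertion has already been done by a signature library, and concentrates on the checks an SP must still apply afterwards (Issuer, Destination, InResponseTo, Status, validity window, AudienceRestriction, one-time use of the assertion ID). Skipping any one of those is how a correctly signed assertion gets accepted by the wrong party, at the wrong time, or twice.

```python
"""SAML 2.0 Web Browser SSO, reduced to the Response/Assertion an IdP issues
and the validation an SP must apply before trusting the Subject.
Added example; identifiers and times are constructed. Signature verification
is assumed to have happened already and is not implemented here."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NS = {"saml": SAML, "samlp": SAMLP}

# Constructed identifiers for the example identity provider and service provider.
IDP_ENTITY_ID = "https://idp.example.org/idp"
SP_ENTITY_ID = "https://sp.example.com/sp"
SP_ACS_URL = "https://sp.example.com/sp/acs"


def saml_time(dt):
    """SAML encodes xs:dateTime in UTC with a trailing 'Z'."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_response(name_id, in_response_to, now, assertion_id="_a1", lifetime=300):
    """IdP side: one samlp:Response wrapping one (unsigned) saml:Assertion."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_r1", "Version": "2.0", "IssueInstant": saml_time(now),
        "InResponseTo": in_response_to, "Destination": SP_ACS_URL})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": STATUS_SUCCESS})
    a = ET.SubElement(resp, f"{{{SAML}}}Assertion", {
        "ID": assertion_id, "Version": "2.0", "IssueInstant": saml_time(now)})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID", {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}).text = name_id
    # Conditions bound the assertion in time and to a single audience, the SP.
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", {
        "NotBefore": saml_time(now),
        "NotOnOrAfter": saml_time(now + timedelta(seconds=lifetime))})
    aud = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = SP_ENTITY_ID
    ET.SubElement(a, f"{{{SAML}}}AuthnStatement", {"AuthnInstant": saml_time(now)})
    return ET.tostring(resp, encoding="unicode")


class SamlValidationError(Exception):
    pass


def validate_response(xml_text, expected_request_id, now, seen_assertion_ids,
                      skew=timedelta(seconds=60)):
    """SP side: checks required before a Response may be trusted. Returns the
    asserted NameID or raises. Assumes the XML signature was already verified."""
    root = ET.fromstring(xml_text)  # use defusedxml in production code
    if root.tag != f"{{{SAMLP}}}Response":
        raise SamlValidationError("not a samlp:Response")
    if root.get("Destination") not in (None, SP_ACS_URL):
        raise SamlValidationError("Destination is not our ACS URL")
    # Tie the response to the AuthnRequest this SP actually sent.
    if root.get("InResponseTo") != expected_request_id:
        raise SamlValidationError("InResponseTo does not match an outstanding request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != STATUS_SUCCESS:
        raise SamlValidationError("status is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlValidationError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise SamlValidationError("assertion issued by an untrusted IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("missing Conditions")
    not_before = parse_time(cond.get("NotBefore"))
    not_on_or_after = parse_time(cond.get("NotOnOrAfter"))
    if now + skew < not_before or now - skew >= not_on_or_after:
        raise SamlValidationError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise SamlValidationError("assertion not addressed to this SP")
    # One-time use: an assertion ID that has been accepted once is never accepted again.
    if a.get("ID") in seen_assertion_ids:
        raise SamlValidationError("assertion replayed")
    seen_assertion_ids.add(a.get("ID"))
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlValidationError("missing Subject/NameID")
    return name_id


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    seen = set()
    msg = build_response("alice@example.org", "_req1", t0)
    print("accepted:", validate_response(msg, "_req1", t0, seen))
    for label, req, when, ids in [("replay", "_req1", t0, seen),
                                  ("wrong request", "_other", t0, set()),
                                  ("expired", "_req1", t0 + timedelta(minutes=10), set())]:
        try:
            validate_response(msg, req, when, ids)
        except SamlValidationError as e:
            print(f"{label}: {e}")
```

The replay cache (`seen_assertion_ids`) has to outlive a single request and be shared across SP instances; it can be bounded because entries may be evicted once `NotOnOrAfter` plus the clock skew has passed, since the time check rejects those assertions anyway.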

SAML 2.0 Assertions. SAML 2.0 Bindings.