Single Sign-On (SSO): SAML Explained
Hello friends, today we will understand the concept of Single Sign-On (SSO). This blog covers what SAML is, what it is used for, and how it works.
Whenever you want to access your mail or social media account, you need to provide your username and password to the application. If the username and password are correct, you log in successfully; otherwise the application denies you access. By checking the username and password, the application authenticates you, i.e., confirms that you are the right person to access the account. In other words, you prove your identity to the application. The application then authorizes you to access content based on your rights.
What is SAML?
SAML, or Security Assertion Markup Language, is a method of achieving Single Sign-On (SSO). You need to provide a single set of credentials once to log in to the application. SAML uses identity providers to prove the user's identity. It is XML-based, which gives it more flexibility.
Advantages of using SAML
Here are the pros of using SAML:
- No need to type credentials manually to access content
- No need to remember and renew passwords, as no password-related attribute is used in SAML
- No weak passwords, as there is no password field to fill in
How does SAML work?
Web Browser Single Sign-On (SSO) is the primary SAML use case. To understand how SAML works, you need to understand the roles of the user agent, the service provider, and the identity provider. Here, the user agent is your web browser. The service provider is the software product that you want to access. The identity provider is the entity or server that proves the user's identity. SAML SSO works by sending the user's identity from one location (the identity provider) to another location (the service provider). Now the question arises of how this is done. It is done through an exchange of digitally signed XML documents.
Here, we will understand how SAML works in 8 steps:
Step 1: The User Agent requests the target resource at the Service Provider (SP)
In this step, the user requests information or content from the service provider by entering the URL https://www.abc.com/xyz. The service provider performs a security check on behalf of the target resource. If the user is already authenticated with the SP, steps 2-7 are skipped and the flow jumps directly to step 8.
Step 2: Service Provider (SP) redirects to the SSO Service at the Identity Provider (IP)
In this step, the Service Provider (SP) determines the user's identity provider and redirects the user agent to the SSO Service at that identity provider.
Step 3: User Agent requests the SSO Service at the Identity Provider
Step 4: Identity Provider (IP) responds with an XHTML form to the User Agent
Step 5: The User Agent requests the Assertion Consumer Service at the Service Provider (SP)
Step 6: Service Provider (SP) validates the identity of the user and redirects the User Agent to the target resource
Step 7: User Agent again requests the target resource at the SP
Step 8: Service Provider responds with the requested resource, and the user is able to access the requested content at the URL https://www.abc.com/xyz
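The following is an added example, not code from the original post, that models steps 4 through 6 above in Go. An identity provider (assumed entity ID https://idp.example.test) issues an assertion for the service provider (the page's https://www.abc.com) and signs it with RSA-SHA256; the SP's Assertion Consumer Service verifies the signature before trusting any field, then checks Issuer, Audience, the validity window, and whether the assertion was already consumed. The assertion structure is a reduced, constructed model of a SAML 2.0 assertion, and the signature is a detached one over the serialized bytes rather than a real XML Signature with canonicalization; that simplification, along with every URL, function name and the user "alice", is an assumption made to keep the example self-contained.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"fmt"
	"time"
)

// Constructed, reduced model of a SAML 2.0 assertion: only the parts the SP-side
// checks below need. Real assertions carry many more elements and namespaces.
type Conditions struct {
	NotBefore    string `xml:"NotBefore,attr"`
	NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	Audience     string `xml:"AudienceRestriction>Audience"` // the SP this assertion is for
}
type Assertion struct {
	XMLName    xml.Name   `xml:"Assertion"`
	ID         string     `xml:"ID,attr"`
	Issuer     string     `xml:"Issuer"` // the IdP's entity ID
	NameID     string     `xml:"Subject>NameID"`
	Conditions Conditions `xml:"Conditions"`
}
// SignedResponse is the constructed transport: the serialized assertion plus a detached
// RSA-SHA256 signature over those exact bytes (real SAML embeds an XML Signature instead).
type SignedResponse struct {
	AssertionXML []byte
	Signature    []byte
}
// NewSigningKey makes a fresh 2048-bit RSA key for the IdP in this demo.
func NewSigningKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// Issue is step 4: the IdP has authenticated user and signs an assertion naming itself as Issuer, the SP as Audience, and a five-minute window.
func Issue(key *rsa.PrivateKey, idpID, spID, user string, now time.Time) (SignedResponse, error) {
	id := make([]byte, 16)
	rand.Read(id)
	a := Assertion{ID: fmt.Sprintf("_%x", id), Issuer: idpID, NameID: user,
		Conditions: Conditions{Audience: spID,
			NotBefore:    now.UTC().Format(time.RFC3339),
			NotOnOrAfter: now.Add(5 * time.Minute).UTC().Format(time.RFC3339)}}
	body, _ := xml.Marshal(a) // cannot fail for a plain struct of strings
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return SignedResponse{}, err
	}
	return SignedResponse{AssertionXML: body, Signature: sig}, nil
}

// ServiceProvider trusts exactly one IdP key and remembers accepted assertion IDs so a captured response cannot be presented twice.
type ServiceProvider struct {
	EntityID, IdPEntityID string
	IdPKey                *rsa.PublicKey
	seen                  map[string]bool
}

// Consume is the Assertion Consumer Service (steps 5-6): verify the signature before trusting any field, then check every binding claim.
func (sp *ServiceProvider) Consume(resp SignedResponse, now time.Time) (string, error) {
	digest := sha256.Sum256(resp.AssertionXML)
	if rsa.VerifyPKCS1v15(sp.IdPKey, crypto.SHA256, digest[:], resp.Signature) != nil {
		return "", fmt.Errorf("signature does not verify against the trusted IdP key")
	}
	var a Assertion
	if err := xml.Unmarshal(resp.AssertionXML, &a); err != nil {
		return "", fmt.Errorf("unparseable assertion: %w", err)
	}
	nb, err1 := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	na, err2 := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	switch {
	case a.Issuer != sp.IdPEntityID:
		return "", fmt.Errorf("unexpected issuer %q", a.Issuer)
	case a.Conditions.Audience != sp.EntityID:
		return "", fmt.Errorf("assertion is for audience %q, not this SP", a.Conditions.Audience)
	case err1 != nil || err2 != nil || now.Before(nb) || !now.Before(na):
		return "", fmt.Errorf("assertion is outside its validity window")
	case sp.seen[a.ID]:
		return "", fmt.Errorf("assertion %s was already consumed (replay)", a.ID)
	}
	if sp.seen == nil {
		sp.seen = map[string]bool{}
	}
	sp.seen[a.ID] = true
	return a.NameID, nil
}

func main() {
	idpKey := NewSigningKey()
	sp := &ServiceProvider{EntityID: "https://www.abc.com", IdPEntityID: "https://idp.example.test", IdPKey: &idpKey.PublicKey}
	resp, _ := Issue(idpKey, sp.IdPEntityID, sp.EntityID, "alice", time.Now()) // step 4
	fmt.Println(sp.Consume(resp, time.Now())) // steps 5-6: alice <nil>
	fmt.Println(sp.Consume(resp, time.Now())) // the same response again is refused as a replay
}
```

The order inside Consume is the point: nothing in the XML is trusted until the signature has been checked against the key the SP was configured with, and the second call in main shows why the SP must remember accepted assertion IDs, since a captured response replayed inside its validity window is otherwise indistinguishable from the first. Production SPs additionally bind the response to the request ID minted in step 2 (the InResponseTo attribute) and check the Recipient against their own Assertion Consumer Service URL.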
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.