📖 What is Security Assertion Markup Language (SAML)?
Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider. It is primarily used to enable Single Sign-On (SSO) across different web domains and organizations.
"SAML is the industry standard for enterprise SSO and relies heavily on XML assertions to pass identity information."
📚 Certification: CompTIA Security+ Certification Exam (SY0-701)
🔑 What are the Key Concepts of Security Assertion Markup Language (SAML)?
- ▸ The Identity Provider (IdP) acts as the central authority that authenticates the user and generates the SAML assertion for the service provider.
- ▸ The Service Provider (SP) is the application or resource that relies on the IdP to verify the user's identity before granting access.
- ▸ SAML Assertions are XML-based tokens that carry security statements, such as user identity and attributes, from the IdP to the SP.
- ▸ A trust relationship is established between the IdP and SP using metadata and digital certificates to ensure assertions are authentic and untampered.
- ▸ Single Sign-On (SSO) allows users to authenticate once with the IdP to gain access to multiple independent SPs without re-entering credentials.
🎯 How does Security Assertion Markup Language (SAML) appear on the SY0-701 Exam?
You may be asked to identify the best protocol for a company that wants its employees to use corporate credentials to access a third-party SaaS application, requiring a standard that supports cross-domain authentication and Single Sign-On.
A scenario might describe a need to integrate an on-premises Active Directory with a cloud-based HR system, asking which XML-based standard facilitates this identity exchange while maintaining a centralized authentication authority.
Expect questions comparing SAML to OAuth; you will need to distinguish between a protocol used for enterprise identity federation and SSO versus a framework used for delegated API authorization and access tokens.
❓ Frequently Asked Questions
How does SAML differ from OAuth 2.0?
SAML is an authentication protocol designed for Single Sign-On in enterprise environments, focusing on identity. OAuth 2.0 is an authorization framework designed to grant applications limited access to resources without sharing passwords.
Is SAML used for mobile app authentication?
While possible, SAML's heavy XML structure is often cumbersome for mobile apps. Modern implementations typically prefer OpenID Connect (OIDC), which uses lightweight JSON Web Tokens (JWT) better suited for mobile and API environments.