Identity provider (SAML)
   HOME

TheInfoList



Click Here for Items Related To - Identity provider (SAML)
OR:
Identity provider (SAML) on:   [Wikipedia]   [Google]   [Amazon]

A SAML identity provider is a system entity that issues authentication assertions in conjunction with a
single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
(SSO) profile of the Security Assertion Markup Language (SAML). In the SAML domain model, a ''SAML authority'' is any system entity that issues SAML assertions. Two important examples of SAML authorities are the authentication authority and the attribute authority.


Definition

A ''SAML authentication authority'' is a system entity that produces SAML authentication assertions. Likewise a ''SAML attribute authority'' is a system entity that produces SAML attribute assertions. A SAML authentication authority that participates in one or more SSO Profiles of SAML is called a ''SAML identity provider'' (or simply ''identity provider'' if the domain is understood). For example, an authentication authority that participates in SAML Web Browser SSO is an identity provider that performs the following essential tasks: # receives a SAML authentication request from a relying party via a web browser # authenticates the browser user principal # responds to the relying party with a SAML authentication assertion for the principal In the previous example, the relying party that receives and accepts the authentication assertion is called a SAML service provider. A given SAML identity provider is described by an element defined by the SAML metadata schema. Likewise a SAML service provider is described by an metadata element. In addition to an authentication assertion, a SAML identity provider may also include an attribute assertion in the response. In that case, the identity provider functions as both an authentication authority and an attribute authority.


See also

* Identity provider * Security Assertion Markup Language (SAML) * SAML service provider *
SAML-based products and services Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorizat ...


References

{{reflist , group="OS" , refs= J. Hodges et al. ''Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0.'' OASIS Standard, March 2005. Document identifier: saml-glossary-2.0-os http://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf J. Hughes et al. ''Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0.'' OASIS Standard, March 2005. Document identifier: saml-profiles-2.0-os http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf (for the latest working draft of this specification with errata, see: https://www.oasis-open.org/committees/download.php/56782/sstc-saml-profiles-errata-2.0-wd-07.pdf) ''Metadata Schema for the OASIS Security Assertion Markup Language (SAML) V2.0.'' OASIS Standard, March 2005. Document identifier: saml-schema-metadata-2.0 http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd XML-based standards Federated identity