SAML - Security Assertion Markup Language

Pranav S Khodanpur (anushku)
2 min read · Nov 6, 2023

SAML, or Security Assertion Markup Language, lets a user log in once (single sign-on) and then access multiple applications or services without re-entering their credentials.

SAML 2.0, the current version, was introduced in 2005. It uses XML to encode and exchange information about a user's authentication and authorisation status.

To understand SAML we must know what an IdP (Identity Provider) and an SP (Service Provider) are: the IdP is where user credentials are stored and verified, while the SP relies on the information the IdP provides to authenticate the user.

Imagine we want to access an online banking payments application (Service Provider). The bank’s website is the Identity Provider (IdP). Here’s how SAML works in this scenario:

  • We visit our bank's application and attempt to log in to our account.
  • The bank website (IdP) establishes a trust relationship with our application (SP) using public keys and encryption algorithms.
  • The bank's website (IdP) verifies our credentials, such as our username and password.
  • Once our identity is confirmed, the IdP creates a SAML assertion: a digitally signed XML document that contains information about us, such as our identity and our authentication status.
  • The bank's website sends this SAML assertion to the online banking payments application (SP).
  • The online banking payments application (SP) receives the SAML assertion and verifies the digital signature to ensure it comes from a trusted source, the IdP.
  • Upon successful verification, the application grants us access to our account, trusting the identity information provided by the IdP; we can use the application without logging in again.
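As an added example (not code from the article), here are the SP-side checks behind the last two steps, written in Python. The assertion is a constructed sample, and XML-DSig signature verification is assumed to be done first by a SAML library such as python3-saml, whose result is passed in as signature_verified; the SP must still check Issuer, Audience and the validity window before trusting the identity.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (hypothetical entity IDs, not from the article).
# The ds:Signature element is omitted: verifying it is the job of an XML-DSig library.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2023-11-06T10:00:00Z">
  <saml:Issuer>https://idp.example-bank.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2023-11-06T10:00:00Z" NotOnOrAfter="2023-11-06T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://payments.example-bank.test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2023-11-06T10:00:00Z"/>
</saml:Assertion>"""

TRUSTED_IDP = "https://idp.example-bank.test"      # from the IdP's metadata
SP_ENTITY_ID = "https://payments.example-bank.test"  # our own entity ID
SAMPLE_NOW = datetime(2023, 11, 6, 10, 2, 0, tzinfo=timezone.utc)
SAMPLE_LATER = SAMPLE_NOW + timedelta(hours=1)


def parse_ts(value):
    """SAML timestamps are UTC in xs:dateTime form with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, sp_entity_id, now,
                       signature_verified, skew=timedelta(seconds=60)):
    """Return (accepted, detail): detail is the NameID on success, else the reason."""
    if not signature_verified:          # reject before trusting any field
        return False, "signature invalid or missing"
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        return False, "not a SAML 2.0 Assertion"
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:        # only the configured IdP may vouch for users
        return False, "untrusted issuer %r" % issuer
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    if now + skew < parse_ts(cond.get("NotBefore")):
        return False, "assertion not yet valid"
    if now - skew >= parse_ts(cond.get("NotOnOrAfter")):
        return False, "assertion expired"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:   # assertion meant for another SP must not be accepted
        return False, "assertion not addressed to this SP"
    if root.find("saml:AuthnStatement", NS) is None:
        return False, "no authentication statement"
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

The small clock skew allowance covers minor time drift between IdP and SP; a signature-valid assertion that fails any later check is still rejected.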

Another notable protocol is OIDC (OpenID Connect), a modern authentication and authorisation protocol. It uses JSON Web Tokens (JWT) for communication and is built on top of OAuth 2.0, making it a more flexible and versatile option for modern web and mobile applications.
