Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between different systems. It is built on XML for sharing that data, and SAML is one way of implementing SSO. Single Sign-On (SSO) is an authentication service that lets a user access multiple applications with a single set of credentials.
The image below shows the workflow of SAML authentication.
Step 1: The user tries to access a protected resource on the SP.
Step 2: The SP generates a SAML Request.
Step 3: After generating the SAML Request, the SP redirects the user to the IdP.
Step 4: The IdP asks the user to authenticate with their login details.
Step 5: The IdP validates the user and generates a SAML Response that contains the SAML Assertion the SP requires.
Step 6: The IdP redirects the user to the SP's Assertion Consumer Service (ACS).
Step 7: The ACS validates the SAML Response and allows the user to access the protected resource.
Step 8: The user can now access resources from the SP.
We have an application, https://demo.com [Service Provider], which uses SAML authentication, and we use an OnLogin [Identity Provider] account to access it. OnLogin is an access management system that uses SSO to let users access their applications.
This is how the SAML Assertion, Service Provider and Identity Provider work together to complete SAML authentication.
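As an added example (not code from the original post or from OnLogin), the exchange above in Python standard library: the SP encodes its AuthnRequest the way the HTTP-Redirect binding does (raw DEFLATE + base64), the IdP issues a Response with a time-limited Assertion, and the ACS performs the step 7 checks (signature, Destination, InResponseTo, validity window, Audience) before trusting the NameID, then refuses a replay of the same Response. The entity IDs, the key and the HMAC standing in for XML-DSig are constructed assumptions.

```python
import base64, hashlib, hmac, secrets, zlib, xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY, ACS_URL = "https://demo.com", "https://demo.com/saml/acs"   # constructed SP identifiers
IDP_KEY = b"constructed-demo-key"   # stand-in for the IdP signing key; real SAML uses XML-DSig, not HMAC

def build_authn_request(request_id):
    """Step 2: SP builds an AuthnRequest; the HTTP-Redirect binding carries it as raw DEFLATE + base64."""
    xml = f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" ID="{request_id}" AssertionConsumerServiceURL="{ACS_URL}"/>'
    return base64.b64encode(zlib.compress(xml.encode())[2:-4]).decode()   # strip zlib header and trailer

def idp_issue_response(encoded_request, name_id, now):
    """Steps 5-6: IdP decodes the request and, after authenticating the user, issues a signed Response."""
    req = ET.fromstring(zlib.decompress(base64.b64decode(encoded_request), -15))
    resp = ET.Element(f"{{{NS['samlp']}}}Response", ID="_" + secrets.token_hex(8),
                      InResponseTo=req.get("ID"), Destination=ACS_URL)  # Destination from SP metadata, not the request
    a = ET.SubElement(resp, f"{{{NS['saml']}}}Assertion", ID="_" + secrets.token_hex(8))
    ET.SubElement(ET.SubElement(a, f"{{{NS['saml']}}}Subject"), f"{{{NS['saml']}}}NameID").text = name_id
    cond = ET.SubElement(a, f"{{{NS['saml']}}}Conditions", NotBefore=now.isoformat(),
                         NotOnOrAfter=(now + timedelta(minutes=5)).isoformat())
    ET.SubElement(ET.SubElement(cond, f"{{{NS['saml']}}}AudienceRestriction"), f"{{{NS['saml']}}}Audience").text = SP_ENTITY
    xml = ET.tostring(resp)
    return xml, hmac.new(IDP_KEY, xml, hashlib.sha256).hexdigest()   # constructed stand-in for the XML signature

def acs_validate(xml, sig, pending_ids, now):
    """Step 7: the ACS verifies the Response before trusting the Assertion inside it."""
    if not hmac.compare_digest(sig, hmac.new(IDP_KEY, xml, hashlib.sha256).hexdigest()): raise ValueError("bad signature")
    resp = ET.fromstring(xml)
    if resp.get("Destination") != ACS_URL: raise ValueError("Destination is not this ACS")
    if resp.get("InResponseTo") not in pending_ids: raise ValueError("unsolicited or replayed response")
    pending_ids.discard(resp.get("InResponseTo"))   # one-time use, so the same Response cannot be replayed
    cond = resp.find("saml:Assertion/saml:Conditions", NS)
    nb, na = (datetime.fromisoformat(cond.get(k)) for k in ("NotBefore", "NotOnOrAfter"))
    if not nb <= now < na: raise ValueError("assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY:
        raise ValueError("assertion was issued for a different SP")
    return resp.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)

def demo(name_id="user@demo.com"):
    """Runs steps 2-7 once, then replays the same Response; returns (accepted NameID, replay accepted?)."""
    pending, now = {"_req1"}, datetime(2024, 1, 1, tzinfo=timezone.utc)   # SP remembers the IDs it issued
    xml, sig = idp_issue_response(build_authn_request("_req1"), name_id, now)
    subject = acs_validate(xml, sig, pending, now)
    try:
        replay_accepted = acs_validate(xml, sig, pending, now) == subject
    except ValueError:
        replay_accepted = False
    return subject, replay_accepted
```

A production ACS replaces the HMAC with XML-DSig verification against the IdP certificate from its metadata, and checks the Assertion's own Issuer and Subject confirmation data as well.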
Ayubali works as an Information Security Analyst at Indusface, where he performs Vulnerability Assessment and Penetration Testing of web and mobile applications according to OWASP standards. He has been in the security industry for more than three years and also helps various companies secure their web and mobile applications by submitting vulnerabilities through bug bounty programs.