{"id":44,"date":"2023-08-03T17:49:41","date_gmt":"2023-08-03T17:49:41","guid":{"rendered":"https:\/\/webtestinglink.com\/beta\/sourabhgupta\/?p=44"},"modified":"2025-10-18T21:50:06","modified_gmt":"2025-10-18T21:50:06","slug":"lorem-ipsum-dolor-sit-amet-consectetur-adipisicing-elit","status":"publish","type":"post","link":"https:\/\/webtestinglink.com\/beta\/sourabhgupta\/lorem-ipsum-dolor-sit-amet-consectetur-adipisicing-elit\/","title":{"rendered":"Looking at SAML In 2023 !"},"content":{"rendered":"

What is SAML<\/h3>\n

SAML stands for\u00a0Security Assertion Markup Language<\/strong>. It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP<\/em><\/strong>) and a service provider (SP<\/em><\/strong>).<\/p>\n

\n

SAML basically asks as a link between the authentication of a user\u2019s identity and the authorization to use a service.<\/em><\/strong><\/p>\n<\/blockquote>\n

SAML, created by OASIS, remains the dominant standard among the various standards existing in the world of Federated Identity Management. The common goal among these standards is to enrich the user experience and enhance security.<\/p>\n

SAML enables web browser SSO by allowing users to sign in to apps\/services with a single set of credentials. This centralization not only provides convenience to employees but also improves organizational security, among other benefits.<\/p>\n

One of the bigger challenges in the tech world is make sure that applications, products,Saas\/PaaS solutions, cloud solutions etc built by different vendors and companies for different purposes, they work together seamlessly as a Unit. This is known as\u00a0Interoperability, it\u00a0<\/strong>refers to the ability of apps, equipment, products, and systems from different companies(vendors) to seamlessly communicate and process data in a way that does not require any involvement from end-users.<\/p>\n

So\u00a0SAML is an interoperable standard\u00a0<\/em>\u2014 it is a widely accepted way to communicate a user\u2019s identity to different service providers.<\/p>\n

SAML does two key functions:<\/p>\n

    \n
  1. Authentication:<\/strong>\u00a0determining and ensuring that users are \u201cwho they claim to be\u201d.<\/li>\n
  2. Authorization:<\/strong>\u00a0passing user authorization to applications for access to certain systems or content.<\/li>\n<\/ol>\n

    How does SAML work?<\/h3>\n

    As per wikipedia: \u201cThe SAML specification defines three roles: the\u00a0principal<\/strong>\u00a0(typically a human user), the\u00a0identity provider<\/strong>\u00a0(IdP) and the service provider (SP).In the primary use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an authentication assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision, that is, it can decide whether to perform the service for the connected principal.\u201d<\/p>\n

    With SAML SSO, the users do not log into the applications directly. Instead, they log into an SSO based platform. When a user himself authenticates successfully, SAML gives that user access to multiple resources across multiple domains.<\/p>\n

    \n

    What is a SAML assertion?<\/strong><\/h3>\n<\/figure>\n
    \n
    \n
    \n

    SAML assertions are noting but XML documents sent from an IdP to an SP which identify users, and contain pertinent dat about them, and specify their privileges in the target application or service.<\/p>\n

    There are three types of SAML assertions:<\/p>\n

      \n
    1. Authentication assertions:\u00a0<\/strong>these assertions are generated by the system that authenticates a user and contain information about how the authentication decision transpired and log information including timestamps.(Eg.password, MFA, Kerbeos, etc.)<\/li>\n
    2. Attribute assertions: it\u00a0<\/strong>passes the SAML attributes to the service provider \u2014 SAML attributes are specific pieces of data that provide information about the user.The attribute used by SAML to identify the user is assumed to be the same in both the IdP and SP directory.<\/li>\n
    3. Authorization assertions:<\/strong>\u00a0an authorization decision assertion says if the user is authorized to use the service or if the identify provider denied their request due to a password failure or lack of rights to the service.<\/li>\n<\/ol>\n

      SAML & SSO:<\/strong><\/h3>\n

      Even though SAML was designed keeping in mind a wide range of use cases , but the most common one in practice is\u00a0Single-sign-on(SSO<\/strong>). SSO, as the name implies, allows a user to log in once and then access multiple services \u2014 websites, cloud solutions or SaaS apps and so on. In an SSO scenario, all these services outsource their authentication and authorization functionality to a single system that then sends identity information about the user to those services.<\/p>\n

      SAML Single Sign-On is a mechanism that leverages SAML allowing authenticated users to log on to multiple web applications and systems, after logging into the identity provider. As the user only has to log in once, SAML SSO provides a faster, seamless user experience.<\/p>\n

      \n
      \n
      \"\"<\/picture><\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/div>\n
      \n
      \n
      \n

      Benefits of SAML<\/strong><\/h3>\n
        \n
      1. Improved user experiences\u00a0<\/strong>: SAML not only makes it easier to log in to applications and services, but also helps users be more productive because they can readily access the tools they need to get their jobs done.<\/li>\n
      2. Greater security<\/strong>: SAML provides a single point of authentication at a secure identity provider, which then transfers the user\u2019s identity information to service providers. This ensures that credentials are only sent directly, minimising opportunities for phishing or identity theft.<\/li>\n
      3. Reducing costs:<\/strong>\u00a0implementing SAML saves significant amount of time for IT admin related activities, as it helps to eliminate the need for new ticket creation, submission password reset etc. It also helps to keep development costs to a minimum.<\/li>\n
      4. Single source of identity.\u00a0<\/strong>when an employee joins or leaves a company, you don\u2019t have to worry about the myriad of internal services that now have to be updated, and the ones that will inevitably be missed.<\/li>\n
      5. Interoperability \u2014\u00a0<\/strong>as SAML is an open standard, it makes interoperability possible between diverse systems.<\/li>\n
      6. Platform neutrality<\/strong>\u00a0\u2014 SAML decouples the security framework from platform architectures and vendor-specific implementations. It supports service-oriented architecture (SOA) by making security less dependent on application logic.<\/li>\n
      7. Easy Access of Applications<\/strong>\u00a0\u2014 Logins are easier to remember and more convenient. Users can effortlessly sweep through applications without spending time with required logins.<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>\n
        <\/div>\n