SAML – Authorization and Authentication Protocol

Datum: 07.10.2019

Security Assertion Markup Language developed by OASIS is an open source XML-based authentication protocol for web applications used by many companies.

SAML in detail

Today, SAML is a popular authentication and authorization protocol for many organizations. One reason for this is the security provided by Single Sign-On (SSO), which allows a central login for multiple services without repeated logins. On the other hand, there is also a Single Logout Service, which enables a central logout from all services. This is advantageous if, for example, an employee leaves the company. Due to the XML documentation of requests and responses, the SAML installation is independent of the operating system and web server.

SAML Workflow

SAML has a simpler workflow than other authentication protocols. Three components always play an important role in the workflow. These are users, service providers and identity providers. But how do these three components interact?
User wants to access a service (service provider). It is then forwarded to the identity provider and identified there. The identity provider creates a SAML token and forwards it to the service provider. The token consists of user claims (so-called assertions) and is encrypted and signed using XML signature and encryption. This allows the user to access the service.
SAML Authentifizierung

SAML advantages and disadvantages

There are many advantages that speak for SAML but also some disadvantages.
One advantage is that SAML can be transmitted by different transport protocols such as HTTP and SMTP (Simple Mail Transfer Protocol). Another advantage is that the SSO login significantly reduces the administration work, as there is only one database to manage. Since SAML is an XML framework, all answers and questions are delivered as XML documents. This enables SAML to be used on all platforms.

From a technical perspective, an XML-based SAML is very complex. On the other hand, there is a dependency on the identity provider, so that access to the service provider is not possible without the availability of the identity providers.

SAML at gridscale

gridscale is a long-standing service provider that supports SAML and uses Google G Suite. The partners as well as the customer base also benefit from SAML. You don’t have to remember many usernames and passwords, just one credential is enough for a central login. This increases the protection against phishing attacks.

User management

User management deals with the administration of users. Within a company, for example, the identity and rights of users accessing different services are controlled. With the help of SSO technology, SAML enables scalable user management, which simplifies the use of other technologies such as cloud services or cross-functional services of several companies. IT security and compliance policies are reinforced by standards such as SAML.

Conclusion

As you can see, SAML has become firmly established as a standard within many companies. Whether you want to offer it to your employees or as a service to your customers, SAML is versatile and operating system independent. So you always have all possible user access under control.

Back to overview