3. What is SAML?
Security Assertion Markup Language
XML-based protocol
OASIS approved standard
SAML 1.0 November 2002
SAML 1.1 September 2003
SAML 2.0 March 2005
Flexible and extensible protocol designed to be used by other standards
4. SAML Roles
Identity Provider (IdP) / Asserting party
Service Provider (SP) / Relying party
User
5. Advantages of SAML
Platform neutral
Loose coupling of directories
Improved online experience for end users
Supported by many SaaS applications
Increased security
Strong commercial and open source support
6. Use cases
Web Single Sign-On
Attribute-based authorization
Identity Federation
WS-Security
10. Profiles
Web Browser SSO Profile
Enhanced Client and Proxy (ECP) Profile
Identity Provider Discovery Profile
Single Logout Profile
Assertion Query/Request Profile
Artifact Resolution Profile
Name Identifier Management Profile
Name Identifier Mapping Profile
11. Liferay and SAML 2.0
Available as an EE plugin
Supports two operation modes
Identity Provider
Service Provider
Built on top of OpenSAML
Uses Java keystore for credentials
Configured using SAML metadata and portal(-ext).properties
12. Features
IdP initiated Web SSO
SP initiated Web SSO
SP initiated Single Logout
IdP initiated Single Logout
Consumes and Produces SAML Metadata
Attribute statement generation (IdP)
JIT provisioning using attribute statements (SP)
13. IdP Supported Bindings
Web Single Sign-On Profile
HTTP Redirect Binding (AuthnRequest)
HTTP POST Binding (AuthnRequest and Response)
Single Logout Profile
HTTP Redirect Binding (SP initiated only)
SAML SOAP Binding (IdP to SP only)
14. SP Supported Bindings
Web Single Sign-On Profile
HTTP Redirect Binding (AuthnRequest)
HTTP POST Binding (Response)
Single Logout Profile
HTTP Redirect Binding (SP initiated only)
SAML SOAP Binding (IdP to SP only)