2.17 Security Assertion Markup Language (SAML)
SAML authentication is an additional authentication mechanism in DSR/SDS, alongside the existing
local and LDAP mechanisms, for authenticating users. SAML is an XML-based open standard for
exchanging authentication data between a Service Provider (which provides a service to the
user) and an Identity Provider (which verifies the user's identity on behalf of the Service
Provider). Web applications leverage SAML by delegating user authentication to the IDP. The
Service Provider therefore does not need to store passwords and does not have to handle
forgotten-password issues. The IDP and SP exchange their metadata, which contains the
information required for interaction between them.
Table 2-12 Terms and definitions

| Terms | Definition |
|---|---|
| Identity Provider (IDP) | Entity that verifies the identity of the user, in response to a request by the Service Provider. The Identity Provider is responsible for maintaining and authenticating the user's identity. |
| Service Provider (SP) | Service Provider (SP) offers a service to the user and allows the user to sign in by using SAML. |
| SAML Metadata | SAML metadata is an XML document containing the information necessary for communication between the Identity Provider and the Service Provider. |
| SAML Assertion | An XML document returned by the Identity Provider to the Service Provider after authentication of the user. |
| Assertion Consumer Service (ACS) endpoint | The endpoint where the Service Provider receives SAML assertions issued by the Identity Provider. |
| Entity ID | A unique identifier for a SAML entity. A SAML entity can be a Service Provider or an Identity Provider. |
| Bindings | SAML requestors and responders communicate by exchanging messages. The mechanism to transport these messages is called a SAML binding. |
| Metadata | A set of information supplied by the IdP to the SP, and/or vice versa, in XML format. |
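The terms above come together on the SP side when an assertion arrives at the ACS endpoint: the SP must confirm that the Response was addressed to its own ACS URL, that the Assertion was issued by the configured IdP entity ID for the SP's own entity ID, and that it is still within its validity window. The following is an added illustration, not DSR/SDS code; the entity IDs, ACS URL and the unsigned sample Response are constructed placeholders, and XML signature verification (which a real SP performs first, using the IdP certificate from its metadata) is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SP-side configuration; in practice these values come from the exchanged metadata.
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/saml/acs"
IDP_ENTITY_ID = "https://idp.example.test/metadata"

# Constructed, unsigned sample Response (signature handling is out of scope here).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://sp.example.test/saml/acs" InResponseTo="_req123">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    """Parse the UTC timestamps SAML uses (e.g. 2024-01-01T00:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, now, expected_request_id):
    """Return (True, NameID) or (False, reason). Applied after the signature check."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != SP_ACS_URL:  # must be delivered to our ACS endpoint
        return False, "Destination is not our ACS endpoint"
    if root.get("InResponseTo") != expected_request_id:  # ties it to our AuthnRequest
        return False, "InResponseTo does not match the outstanding AuthnRequest"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion in Response"
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        return False, "Issuer is not the configured IdP entity ID"
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion is outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:  # assertion was issued for a different SP
        return False, "our entity ID is not in the AudienceRestriction"
    return True, assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

An assertion that fails any of these checks must be rejected even when its signature is valid; a correctly signed assertion issued for a different SP or replayed after its window is exactly what the Audience, Destination and Conditions checks exist to catch.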