What is SAML?
SAML, or Security Assertion Markup Language, is an open protocol that is used to exchange information between the auth server and the client application. Some identity providers require OAuth 2.0 for user login, some require SAML, and some can work with both.
#
How does SAML work?In a nutshell, your SAML identity provider will provide a metadata file (which is a .xml file) which you or your end users need to upload to the SAML client.
The .xml
metadata file contains (amongst other things):
- A unique entity ID that you must keep private. This is used by the SAML provider to identify your application.
- A public certificate that is used to verify the signature attached to the incoming SAML response. This ensures the response is coming from the expected Identity Provider.
- Information about where to redirect the end user to when they click on the login button in your application. This URL will be to a website that is controlled by the SAML provider and will ask the end user for their credentials.