SAML Blog Series (Part 1): Beginner Guide
What is SAML?
SAML (Security Assertion Markup Language) is an authentication standard used for Single Sign-On (SSO).
It allows one system to authenticate a user and share that authentication with other systems without sharing passwords.
SAML lets you log in once and access multiple applications securely.
Key Actors
- User (Browser)
- Service Provider (SP)
- Identity Provider (IdP)
Example IdPs:
- Okta
- Microsoft Entra ID
High-Level Flow
User -> SP -> IdP -> SP -> User logged in
Full Flow
+--------+       1. Access App       +-----------------------+
|  User  | ------------------------> | Service Provider (SP) |
+--------+                           +-----------+-----------+
                                                 |
                                                 | 2. AuthnRequest (redirect via the browser)
                                                 v
                                     +-----------------------+
                                     |   Identity Provider   |
                                     +-----------+-----------+
                                                 |
                                                 | 3. Login + MFA
                                                 v
                                     +-----------------------+
                                     | Signed SAML Response  |
                                     +-----------+-----------+
                                                 |
    +--------------------------------------------+
    | 4. Response handed back to the browser
    v
+--------+     5. POST Response      +-----------------------+
|  User  | ------------------------> | Service Provider (SP) |
+--------+   (form POST to the SP)   +-----------+-----------+
                                                 |
                                                 | 6. Validate + Session
                                                 v
                                     +-----------------------+
                                     |  SP Session Created   |
                                     +-----------------------+
What is stored?
SP
- Session ID
- User identity
- Roles
IdP
- Login session
- Signing certificate
SAML Assertion
- Not stored (used once)
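The flow in the diagram above and the state each side keeps, as an added example that is not part of the original post: a toy Python model of the SP-initiated flow. The IdP builds a signed Response, the browser's POST is simulated by handing the bytes to the SP, and the SP runs the whole "Validate + Session" step (InResponseTo, Destination, Issuer, status, exactly one assertion, signature, validity window, audience, one-time use) before it creates a session of its own. Assumptions: XML-DSig is replaced by an HMAC over the serialized assertion so the code runs on the standard library alone (the `urn:example:toy-signature` namespace is a stand-in, not part of SAML), and the entity IDs, URLs, key and user values are all constructed. The SAML 2.0 namespaces, element and attribute names, and the Success status URI are the real ones.

```python
"""Toy model of the SP-initiated flow in the diagram above (added example, not the blog's
code). XML-DSig is replaced by an HMAC over the assertion's serialized bytes so it runs on
the standard library alone; every URL, entity ID, key and user value is constructed."""
import hashlib, hmac, secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP, SAML = "urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:2.0:assertion"
TOYSIG = "urn:example:toy-signature"  # stand-in for ds:Signature (assumption, not real SAML)
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NP, NA, NS = f"{{{SAMLP}}}", f"{{{SAML}}}", f"{{{TOYSIG}}}"  # Clark-notation tag prefixes for ET
for _prefix, _uri in (("samlp", SAMLP), ("saml", SAML), ("toysig", TOYSIG)):
    ET.register_namespace(_prefix, _uri)
now = lambda: datetime.now(timezone.utc).replace(microsecond=0)
fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
parse_time = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class SamlError(Exception):
    pass  # raised by the SP when a Response fails validation

class IdentityProvider:
    def __init__(self, entity_id, signing_key):
        self.entity_id, self.signing_key = entity_id, signing_key  # key stands in for the signing cert

    def handle_authn_request(self, authn_request_xml, user, roles):
        """Runs after 'Login + MFA' succeeded (assumed here); builds the signed Response."""
        req, t = ET.fromstring(authn_request_xml), now()
        a = ET.Element(NA + "Assertion", ID="_" + secrets.token_hex(16), Version="2.0", IssueInstant=fmt(t))
        ET.SubElement(a, NA + "Issuer").text = self.entity_id
        ET.SubElement(ET.SubElement(a, NA + "Subject"), NA + "NameID").text = user
        cond = ET.SubElement(a, NA + "Conditions", NotBefore=fmt(t - timedelta(minutes=1)),
                             NotOnOrAfter=fmt(t + timedelta(minutes=5)))
        aud = ET.SubElement(cond, NA + "AudienceRestriction")
        ET.SubElement(aud, NA + "Audience").text = req.findtext(NA + "Issuer")  # only that SP may accept it
        attr = ET.SubElement(ET.SubElement(a, NA + "AttributeStatement"), NA + "Attribute", Name="role")
        for role in roles:
            ET.SubElement(attr, NA + "AttributeValue").text = role
        # Enveloped-signature stand-in: MAC over the assertion serialized WITHOUT the signature element
        mac = hmac.new(self.signing_key, ET.tostring(a), hashlib.sha256).hexdigest()
        ET.SubElement(a, NS + "Signature").text = mac
        resp = ET.Element(NP + "Response", ID="_" + secrets.token_hex(16), Version="2.0", IssueInstant=fmt(t),
                          InResponseTo=req.get("ID"), Destination=req.get("AssertionConsumerServiceURL"))
        ET.SubElement(resp, NA + "Issuer").text = self.entity_id
        ET.SubElement(ET.SubElement(resp, NP + "Status"), NP + "StatusCode", Value=SUCCESS)
        resp.append(a)
        return ET.tostring(resp)  # the browser carries these bytes to the SP in a form POST

class ServiceProvider:
    def __init__(self, entity_id, acs_url, idp_entity_id, idp_key):
        self.entity_id, self.acs_url, self.idp_entity_id, self.idp_key = entity_id, acs_url, idp_entity_id, idp_key
        self.pending = {}   # AuthnRequest ID -> issue time, waiting for its Response
        self.consumed = {}  # assertion ID -> NotOnOrAfter, so each assertion is used once
        self.sessions = {}  # session ID -> identity + roles: what the SP actually keeps

    def start_login(self):
        req = ET.Element(NP + "AuthnRequest", ID="_" + secrets.token_hex(16), Version="2.0",
                         IssueInstant=fmt(now()), AssertionConsumerServiceURL=self.acs_url)
        ET.SubElement(req, NA + "Issuer").text = self.entity_id
        self.pending[req.get("ID")] = now()
        return ET.tostring(req)

    def consume_response(self, response_xml):
        """The 'Validate + Session' step: one line per check, all of them before a session exists."""
        root, t = ET.fromstring(response_xml), now()
        if self.pending.pop(root.get("InResponseTo"), None) is None: raise SamlError("unsolicited or replayed InResponseTo")
        if root.get("Destination") != self.acs_url: raise SamlError("wrong Destination")
        if root.findtext(NA + "Issuer") != self.idp_entity_id: raise SamlError("unexpected Issuer")
        if (code := root.find(NP + "Status/" + NP + "StatusCode")) is None or code.get("Value") != SUCCESS:
            raise SamlError("authentication did not succeed")
        assertions = root.findall(NA + "Assertion")
        if len(assertions) != 1: raise SamlError("expected exactly one Assertion")
        a, sig = assertions[0], assertions[0].find(NS + "Signature")
        if sig is None: raise SamlError("unsigned Assertion")
        a.remove(sig)  # same enveloped transform the IdP used; verify before trusting any content
        mac = hmac.new(self.idp_key, ET.tostring(a), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, sig.text or ""): raise SamlError("bad signature")
        if a.findtext(NA + "Issuer") != self.idp_entity_id: raise SamlError("Assertion Issuer mismatch")
        if (cond := a.find(NA + "Conditions")) is None: raise SamlError("missing Conditions")
        not_after = parse_time(cond.get("NotOnOrAfter"))
        if not parse_time(cond.get("NotBefore")) <= t < not_after: raise SamlError("outside validity window")
        if self.entity_id not in [e.text for e in cond.iter(NA + "Audience")]: raise SamlError("wrong Audience")
        self.consumed = {k: v for k, v in self.consumed.items() if v > t}  # forget IDs that can no longer be replayed
        if a.get("ID") in self.consumed: raise SamlError("Assertion already used")
        self.consumed[a.get("ID")] = not_after
        sid = secrets.token_urlsafe(32)  # identity transferred; from here on only the SP session matters
        self.sessions[sid] = {"user": a.findtext(NA + "Subject/" + NA + "NameID"),
                              "roles": [v.text for v in a.iter(NA + "AttributeValue")]}
        return sid

def consume_or_reason(sp, response_xml):
    """'session:<id>' on success, 'rejected:<reason>' on failure (handy for the replay and tamper demos)."""
    try:
        return "session:" + sp.consume_response(response_xml)
    except SamlError as e:
        return "rejected:" + str(e)

def run_demo(user="alice", roles=("reader", "admin"), tamper=None):
    """Walk the diagram end to end; `tamper` optionally alters the Response while it is in the browser."""
    key = b"constructed-shared-secret"  # stands in for the IdP key pair (assumption)
    idp = IdentityProvider("https://idp.example.test/metadata", key)
    sp = ServiceProvider("https://app.example.test/metadata", "https://app.example.test/saml/acs", idp.entity_id, key)
    response = idp.handle_authn_request(sp.start_login(), user, list(roles))  # User -> SP -> IdP -> Response
    response = tamper(response) if tamper else response
    return sp, response, consume_or_reason(sp, response)  # POST Response -> Validate + Session
```

run_demo() returns the SP, the Response bytes and the outcome. Feeding the same bytes to consume_or_reason a second time is rejected, as is a Response whose role value was changed in transit; that is what "used once" and "signed" buy you, and the session the SP stores afterwards is the only thing it consults on later requests. A real SP library performs the same list of checks, but with proper XML-DSig verification and XML canonicalization in place of the byte-for-byte re-serialization used here.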
Key Idea
SAML is NOT a session system. It is a trust-based identity transfer mechanism.