SAML 2.0

8000 views August 14, 2017 August 1, 2018 4

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains. This is normally between an identity provider like Id.Signicat and a service provider (the customer). SAML is a product of the OASIS Security Services Technical Committee (external link).

SAML assumes that the end-user has enrolled with at least one identity provider. This identity provider is expected to provide local authentication services to the end-user. However, SAML does not specify the implementation of these local services; indeed, SAML does not care how local authentication services are implemented.

SAML has been a de facto standard protocol for identity management, and is now supported by most of the biggest actors in the computer industry. Today Id.Signicat supports SAML v.1.1 and v.2.0. For detailed information about SAML, and access to several white papers, please visit this page (external link) on the OASIS website.

Signicat supports the SAML 2.0 standard fully, via a gateway commonly referred to as the “SAML gateway” or “SAML2 gateway”. If you are using an identity federation service such as Microsoft ADFS or Oracle Identity Federation, then you are most likely interested in Signicat’s SAML2 gateway.

Authentication using SAML 2.0

Signicat’s SAML2 gateway provides authentication of Internet users over the SAML2 protocol, between service providers (SP) and Signicat as the identity provider (IdP). The SAML2 gateway is integrated with Signicat’s existing portal, which means that Signicat can provide authentication over the SAML2 protocol for all e-ID methods we are supporting today, and also new e-ID methods that we plan to support in the future.

The service provider must establish a SAML2 federation service on their side. Examples of such federation services are:

  • ADFS from Microsoft
  • OIF from Oracle
  • SimpleSAML, a PHP-based solution developed through a project led by UNINETT in Norway.

Setting up a SAML2 authentication service between an SP and an IdP requires no programming and no third-party client kits, only configuration. The IdP and other communication parameters between SP and IdP should be configured in this SAML2 federation service.

Was this helpful?