Security Assertion Markup Language (SAML)

It is a set of XML-based protocol messages, bindings and profiles. You can find more general details on the Wikipedia page.

To learn about SAML, we have to learn about the Identity Provider (IdP), the Service Provider (SP) and the user. Generally the IdP is provided by some enterprise or organization (say your university or Google), and the SP is the application written by you, which will use SAML to authenticate users using those IdPs. The user performs the various steps using the browser (in most cases).

Example flow

Here is an example flow.

At first the user tries to access some resource using the browser, and (1) the SP checks whether access to it is restricted. Say it is only for logged-in users; then the SP will show a screen to the user (or directly redirect the user) and then redirect the user to do Single Sign-On (SSO) on the IdP (2). After the user logs in, the IdP responds (4) with an XHTML form which automatically does an HTTP POST request from the browser (5). The SP then verifies the SAML XML (assertion) and treats the user as logged in. In the final step (6) the SP redirects the user to the initial resource.

To see what these messages look like, please read (use Google to translate) docs.italia.it.

More examples can be found at samltool.com.