
Article 1-SAML

SAML, short for Security Assertion Markup Language, is an open standard for exchanging authentication and authorization data between an identity provider and a service provider. The identity provider is a service that creates and manages identity information for users, while the service provider provides services to the end users.

SAML is a standard Single Sign-On (SSO) format. SSO is an authentication process that enables users to access multiple applications with a single set of login credentials. SAML is an XML-based framework in which authentication information is exchanged through digitally signed XML documents.

SAML uses tokens, which are digitally signed and encrypted messages with authentication and authorization data. A digital signature is a mathematical scheme for verifying the authenticity and integrity of a digital message.

The Three Roles

The SAML specification defines three roles:

  • The principal - The user who requests a service from the service provider.
  • The service provider (SP) - Obtains an authentication assertion from the identity provider, makes the access control decision and then provides the requested service to the principal.
  • The identity provider (IdP) - Provides the authentication assertion for the principal.


SAML components

The SAML assertion

This is the XML document that contains the user's authorization data, which the IdP sends to the SP. SAML defines three types of statements:

  • Authentication statement, which identifies the user along with the time they logged in and the authentication method they used.
  • Attribute statement, which passes the SAML attributes to the service provider. SAML attributes are specific pieces of data that provide information about the user.
  • Authorization decision statement, which says whether the user is permitted or denied to use the requested service.

SAML Protocol

This defines how SAML requests and obtains assertions, and how the SAML request and response elements are handled. The most important type of SAML protocol request is called a query. There are three types of queries, corresponding to the three SAML statement types, namely:

  • Authentication query
  • Attribute query
  • Authorization query

SAML Binding

It is the mapping of SAML protocol messages onto standard messaging formats. One of the most common types of SAML binding is the SOAP binding, which enables SAML requesters and responders to communicate using an HTTP user agent as an intermediary.

SAML Profile

A SAML profile gives a detailed description of how SAML assertions, protocols and bindings are combined to support a well-defined use case. The most important SAML profile is the Web Browser SSO profile, in which the user accesses an SP through a web browser.

The Assertion Consumer Service (ACS)

It is the endpoint at the SP that accepts the SAML requests sent by the IdP. This URL tells the IdP where to post the assertions.
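The ACS is where a forged or replayed assertion would be accepted if the checks are weak, so the following added example (not code from the original article) shows the logical checks an ACS makes on a received SAML Response beside the XML-DSig signature verification: InResponseTo, status, the presence of a signature on the assertion, issuer, validity window and audience. The sample response, its URLs and timestamps are constructed placeholders, and cryptographic verification of the signature is assumed to be done by an XML-DSig library such as xmlsec, which this snippet does not replace.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response (not captured from a real IdP); the URLs, IDs and
# timestamps are placeholders, and the empty ds:Signature stands in for a real one.
SAMPLE_RESPONSE = base64.b64encode(b"""<samlp:Response Version="2.0" ID="_r1"
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 InResponseTo="_req1" Destination="https://sp.example.com/acs">
 <saml:Issuer>https://idp.example.com</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion Version="2.0" ID="_a1"><saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature/><saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>""")


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(b64_response, expected_issuer, expected_audience,
                      expected_request_id, now_iso):
    """Return (ok, detail). These checks sit beside XML-DSig verification, which
    is assumed to be done by a library such as xmlsec before trusting the result."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.get("InResponseTo") != expected_request_id:   # ties the response to a request we issued
        return False, "InResponseTo does not match an outstanding request"
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or not code.get("Value", "").endswith(":Success"):
        return False, "status is not Success"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.find("ds:Signature", NS) is None:
        return False, "no signed assertion"
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return False, "unexpected issuer"
    cond = assertion.find("saml:Conditions", NS)
    if not _ts(cond.get("NotBefore")) <= _ts(now_iso) < _ts(cond.get("NotOnOrAfter")):
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:                 # assertion issued for a different SP
        return False, "audience restriction does not include this SP"
    return True, assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

A real ACS also records consumed assertion IDs so the same assertion cannot be presented twice within its validity window.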

SAML work flow

The following is the flow of a SAML authentication:

  • First, the user tries to reach the hosted application.
  • The application then generates a SAML request.
  • The application redirects the browser to the SSO URL.
  • The IdP parses the SAML request and authenticates the user.
  • The IdP generates the SAML response in XML format.
  • The IdP returns the encoded SAML response to the browser, which then sends the SAML response to the ACS URL.
  • The ACS verifies the SAML response and redirects to the hosted application.
  • The user is now provided with the requested response by the SP (hosted application).
Why use SAML?

  • SAML allows for a better user experience by providing access to multiple service providers after signing in just once.
  • It reduces the number of passwords that the user needs to remember to one, eliminating password fatigue.
  • It is more secure, as the credentials are held by a more secure IdP rather than by individual applications. Web applications with no passwords are virtually impossible to hack.
  • The communication between the IdP and the SP is also very secure due to the encrypted SAML tokens.
  • It also reduces the cost for service providers, as the IdP bears the burden of maintaining account information instead of the data being maintained across multiple servers.
  • SAML provides standardization for SSO communication, making the development of applications intended for SSO easier.