Security Assertion Markup Language (SAML) is an open standard that provides a secure means of authenticating and authorizing a user to resources on the internet. SAML eliminates the need of a user to provide an authentication credential such as a password, to every internet resource the user accesses. The following entities participate in SAML-based communication:
User
The party accessing a resource on the internet.
Service provider
The application, resource, or service the user wants to access.
Identity provider
The entity that authenticates the user to the service provider.
A SAML-enabled identity provider and a SAML-enabled service provider can communicate with each other. The user has an account with the identity provider. The identity provider maintains a list of users and can authenticate them.
The user attempts to access a service provider. The service provider contacts the identity provider. The identity provider authenticates the user, sending an assertion, or message containing information about the user, back to the service provider. The service provider determines that the assertion is valid, then allows the user access.
SAML-based user-authentication activity is transparent to the user. Any service provider that can communicate with an identity provider with which the user has an account can obtain user authentication and grant access to the user. The user authenticates once, with the identity provider,. Then, the user can potentially access all the service providers that communicate with the identity provider.