Understanding SAML
Security Assertion Markup Language (SAML) is an open standard that provides a secure means of authenticating a user and authorizing the user's access to resources on the internet. With SAML, the user no longer has to present an authentication credential such as a password to every internet resource that the user accesses. The following entities participate in SAML-based communication:
* User
The party accessing a resource on the internet. The user has an account with the identity provider.
* Service provider
The application, resource, or service the user wants to access.
* Identity provider (IdP)
The entity that authenticates the user to the service provider. The identity provider maintains a list of users.
SAML communication process
A SAML-enabled service provider communicates with a SAML-enabled identity provider to authenticate the user in the following way:
The user attempts to access a service provider. The service provider contacts the identity provider. The identity provider authenticates the user and sends an assertion, a message containing information about the user, to the service provider. The service provider checks that the assertion is valid, and then allows the user access.
SAML-based user-authentication activity is transparent to the user. Any service provider that can communicate with an identity provider with which the user has an account can obtain user authentication and grant access to the user. The user authenticates once, with the identity provider. Then, the user can access all the service providers that communicate with the identity provider.
BIRT iHub SAML support
System Console, Visualization Platform, and BIRT Analytics use SAML to authenticate and authorize users.
BIRT iHub provides its own SAML IdP implementation, which is a customized implementation based on the Shibboleth IdP 2.4.0 OpenSAML API and supports SAML 2.0. This implementation uses the default authentication method, which specifies the PasswordProtectedTransport and PreviousSession authentication context classes. BIRT iHub does not support other third-party SAML identity provider software.
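The following added example illustrates the service-provider side of the communication process described above: the checks a service provider performs on the assertion before granting access (request correlation, validity window, audience, and authentication context). It is not BIRT iHub or Shibboleth code; the sample response, the audience URL, the request ID, and the policy of accepting only the PasswordProtectedTransport and PreviousSession contexts are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumed SP policy: accept only the two authentication contexts the page names.
ACCEPTED_CONTEXTS = {AC + "PasswordProtectedTransport", AC + "PreviousSession"}

# Constructed sample response, not captured from a real IdP. The ds:Signature element is
# left out: XML-DSig verification needs a dedicated library and must pass before anything
# below is trusted, because an unsigned assertion can be produced by anyone.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" InResponseTo="_req42">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example/acs</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement><saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext></saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    """Parse the UTC timestamps SAML uses (e.g. 2024-01-01T10:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_audience, expected_request_id, now_utc):
    """Service-provider checks that follow signature verification. Returns (accepted, detail):
    detail is the NameID when accepted, otherwise the name of the failed check."""
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != expected_request_id:
        return False, "InResponseTo does not match a request this SP issued"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion element"
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion has no Conditions"
    now = _ts(now_utc)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "assertion was not issued for this service provider"
    ctx = assertion.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    if ctx not in ACCEPTED_CONTEXTS:
        return False, "unexpected authentication context: %s" % ctx
    return True, assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

NotOnOrAfter is exclusive, so an assertion presented at exactly that instant is rejected; in production, a real clock and a small clock-skew allowance replace the fixed timestamp.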