SAML concepts
SAML is an XML-based, OASIS standard for exchanging user identity and security attributes information. In a typical SAML usage scenario, you authenticate to a security domain and request an identity provider to issue SAML assertions.
The SAML assertions are presented to a security provider when you request access to business resources. In many cases, the services provider and identity provider are in different security domains, meaning that we must authenticate to an identity provider user directory, which is not the same as the user directory of the service provider. WebSphere Application Server multiple security domain support allows a service provider to assert user identity and security attributes to a local security domain, which is based on trust relationship without requiring identity mapping. Use the SAML function to quickly build a Single Sign-On (SSO) solution across enterprises and across the Internet with industry standard SAML security tokens.
Subtopics
- SAML assertions defined in the SAML Token Profile standard
- Default policy sets and sample bindings for SAML
- Overview of APIs for SAML
- SAML usage scenarios
- Limitations of the SAML implementation