SAML 2.0 (Federation)

The Federation Module relies on the SAML 2.0 specification to establish a federation and to initialize and manage single sign-on.

Assertions

The assertions contain authentication statements. These statements assert that the principal (that is, the entity that requests access) was authenticated. Assertions can also carry attributes about the user that the identity provider wants to make available to the service provider.

Assertions are typically passed from the identity provider to the service provider.

The SAML 2.0 specification controls the content of the assertions that are created. You select these assertions when you establish a federation, and also through the definitions that are used in the identity mapping method that you configure.

The identity mapping method can either be a custom mapping module or a JavaScript mapping rule. The identity mapping also specifies how identities are mapped between federation partners.

Protocols

SAML 2.0 defines several request-response protocols that correspond to the action that is being communicated in the message. The SAML 2.0 protocols supported are:

The Enhanced Client or Proxy (ECP) flow is currently not supported by Security Verify Access.

