Security Assertion Markup Language

Security Assertion Markup Language - Federations

The Federation Module enables SAML federated single sign-on from identity providers to service providers. All partners in the federation must use the same SAML specification and agree on protocols, bindings, and profiles.

Users authenticate at an identity provider.
Service providers consume the information asserted by the identity provider
SAML uses SOAP to exchange XML messages over computer networks. The XML messages are exchanged through a series of requests and responses.
SAML descriptors:

Assertions XML-formatted tokens used to transfer user identity information, such as the authentication, attribute, and entitlement information, in the messages.
Protocols The types of request messages and response messages used for obtaining authentication data and for managing identities.
Bindings Communication method used to transport the messages.
Profiles Combinations of protocols, assertions, and bindings used together to create a federation and enable federated SSO.

SAML 1.1

SAML 2.0

SAML profiles

Customize SAML identity mapping

Create a SAML federation

Create a SAML partner

SAML 2.0 bindings

SAML 2.0 name identifier formats

Customize the SAML 2.0 login form

Customize AuthnContext using identity mapping rule

Customize SAML 2.0 pages

Configure the user session ID for the federation runtime

Synchronizing system clocks in the federation

Parent topic: Federation configuration

Assertions	XML-formatted tokens used to transfer user identity information, such as the authentication, attribute, and entitlement information, in the messages.
Protocols	The types of request messages and response messages used for obtaining authentication data and for managing identities.
Bindings	Communication method used to transport the messages.
Profiles	Combinations of protocols, assertions, and bindings used together to create a federation and enable federated SSO.