SAML Federations Overview
The Federation Module supports SAML 1.1 and 2.0 federations. Security Assertion Markup Language (SAML) performs federated single sign-on from identity providers to service providers. Users authenticate at the identity provider. Service providers consume the identity information asserted by identity providers. SAML relies on the use of SOAP, among other technologies, to exchange XML messages over computer networks. The XML messages are exchanged through a series of requests and responses. In this process, one of the federation partners sends a request message to the other federation partner. The receiving partner then immediately sends a response message to the partner that sent the request.
The SAML specifications include descriptors for establishing a federation and for initializing and managing single sign-on. The following descriptors specify the structure and content of the messages, and the way the messages are communicated between partners and users.
- Assertions: XML-formatted tokens used to transfer user identity information, such as the authentication, attribute, and entitlement information, in the messages.
- Protocols: The types of request messages and response messages used for obtaining authentication data and for managing identities.
- Bindings: The communication method used to transport the messages.
- Profiles: Combinations of protocols, assertions, and bindings used together to create a federation and enable federated single sign-on.
You and the partner must use the same SAML specification and agree on which protocols, bindings, and profiles to use.
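The request and response exchange and the assertion contents described above, as an added Python example (not code from the Federation Module): a service-provider-side check that a SAML 2.0 response answers the request that was sent, reports success, and carries an assertion inside its validity window, then extracts the asserted identity. The entity IDs, user, attribute name, and function names are hypothetical, the messages are constructed, and XML signature verification, which a real service provider must perform first, is out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed, unsigned sample messages; entity IDs and user are hypothetical.
REQUEST = f"""<samlp:AuthnRequest {XMLNS} ID="_req1" Version="2.0"
  IssueInstant="2024-01-01T12:00:00Z"><saml:Issuer>https://sp.example.test</saml:Issuer>
</samlp:AuthnRequest>"""
RESPONSE = f"""<samlp:Response {XMLNS} ID="_resp1" InResponseTo="_req1" Version="2.0"
  IssueInstant="2024-01-01T12:00:05Z"><saml:Issuer>https://idp.example.test</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:05Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  <saml:AttributeStatement><saml:Attribute Name="role">
   <saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""

def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(request_xml, response_xml, now, skew=timedelta(seconds=60)):
    """Return (problems, identity); identity is None when no assertion is present."""
    req, resp = ET.fromstring(request_xml), ET.fromstring(response_xml)
    problems = []
    if resp.get("Version") != "2.0":                 # partners agreed on SAML 2.0
        problems.append("not a SAML 2.0 response")
    if resp.get("InResponseTo") != req.get("ID"):    # response must answer our request
        problems.append("response does not answer this request")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no assertion"], None
    cond = assertion.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and parse_ts(nb) - skew <= now < parse_ts(na) + skew):
        problems.append("assertion missing or outside its validity window")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return problems, {"issuer": assertion.findtext("saml:Issuer", namespaces=NS),
                      "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
                      "attributes": attrs}
```

The `skew` allowance only tolerates small clock differences between partners; a large drift makes valid assertions fail the window check.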
- SAML 1.1
- SAML 2.0
- SAML profiles
- Customize SAML identity mapping
- Create a SAML federation
- Create a SAML partner
- SAML 2.0 bindings
- SAML 2.0 name identifier formats
- Customize the SAML 2.0 login form
- Customize AuthnContext using identity mapping rule
- Customize SAML 2.0 pages
- Configure the user session ID for the federation runtime
- Synchronizing system clocks in the federation