SAML Federations Overview

The Federation Module supports SAML 1.1 and 2.0 federations. Security Assertion Markup Language (SAML) performs federated single sign-on from identity providers to service providers. Users authenticate at the identity provider. Service providers consume the identity information asserted by identity providers. SAML relies on SOAP, among other technologies, to exchange XML messages over computer networks. The XML messages are exchanged through a series of requests and responses: one federation partner sends a request message to the other federation partner, and the receiving partner immediately sends a response message to the partner who sent the request.

The SAML specifications include descriptors to establish a federation and to initialize and manage single sign-on. The following descriptors specify the structure and content of the messages, and the way the messages are communicated between partners and users.

You and the partner must use the same SAML specification and agree on which protocols, bindings, and profiles to use.
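
One way to check that agreement before enabling a federation, as an added example that is not part of the product or its documentation: the sketch reads a partner's SAML 2.0 metadata and reports where it differs from the protocol and single sign-on binding you plan to use. The function name check_agreement, the sample metadata, and the idp.example.test host names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML11 = "urn:oasis:names:tc:SAML:1.1:protocol"
SAML20 = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

# Constructed sample: metadata as an identity provider partner might publish it.
PARTNER_IDP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_agreement(metadata_xml, protocol, sso_binding):
    """Compare our planned settings with the partner's IdP metadata.

    Returns a list of mismatches; an empty list means both sides agree.
    (Hypothetical helper; parse only metadata obtained from a trusted channel.)
    """
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["partner metadata has no IDPSSODescriptor"]
    problems = []
    # The attribute is a space-separated list of supported protocol URIs.
    supported = idp.get("protocolSupportEnumeration", "").split()
    if protocol not in supported:
        problems.append(f"protocol {protocol} not supported by partner")
    # Each SingleSignOnService element advertises one binding/endpoint pair.
    offered = {e.get("Binding") for e in idp.findall("md:SingleSignOnService", NS)}
    if sso_binding not in offered:
        problems.append(f"binding {sso_binding} not offered for single sign-on")
    return problems


if __name__ == "__main__":
    for issue in check_agreement(PARTNER_IDP_METADATA, SAML11, ARTIFACT):
        print("MISMATCH:", issue)
```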

