
Why is SAML Needed?

Single sign-on (SSO) allows users to access multiple services with a single login, so the user doesn't need to remember a separate username and password for each service. Before SAML, products supported single sign-on with browser cookies: the user's authentication state was kept in a cookie so that re-authentication was not required each time the web user accessed the system. One problem with cookies is that they are not transmitted between different domains. With SAML-based SSO, users only have to enter one set of credentials to access their web apps. This greatly increases productivity while keeping data secure, and it enables password security and multi-factor authentication, ensuring that only authorized users get access to sensitive data.

How SAML Works

The sequence of events goes like this:

  • When a user tries to access the service provider, the service provider first checks whether the user is already authenticated within the system. If not, the service provider starts the authentication process by redirecting the user's browser to the single sign-on (SSO) service.
  • The user's browser sends an authentication request to the SSO service; the service then identifies the user.
  • The SSO service returns an XHTML document containing the authentication information the service provider needs, carried in a SAML Response parameter.
  • The SAML Response parameter is passed on to the service provider. The service provider processes and validates that response and creates a security context for the user; basically, it logs the user in and then tells the browser where the requested resource is.
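The four steps above, as an added example that is not part of the original article: a constructed Python round trip in which a service provider issues an AuthnRequest, an identity provider (the article's "SSO service") answers with a SAML Response, and the service provider validates it before creating the user's security context. The entity IDs, URLs and user names are constructed, and the HMAC over a fixed field order is a stand-in for the XML-DSig signature a real identity provider produces; everything else (unpredictable request IDs, InResponseTo matching, audience and issuer checks, the validity window, single use of each response) mirrors the checks a real service provider performs in step four.

```python
"""SP-initiated SAML 2.0 SSO round trip, HTTP-POST style (constructed example, not the page's code)."""
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.test/metadata"    # constructed entity IDs and endpoint
SP_ACS_URL = "https://sp.example.test/acs"
IDP_ENTITY_ID = "https://idp.example.test/metadata"
# Stand-in for the IdP signing key: real SAML uses XML-DSig over a canonicalised assertion;
# an HMAC over a fixed field order keeps the example self-contained.
IDP_SIGNING_KEY = b"constructed-idp-signing-key"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def utcnow():
    return datetime.now(timezone.utc)


def _sign(*fields):
    # Covers every field the SP relies on, so none can be changed without breaking the signature.
    return hmac.new(IDP_SIGNING_KEY, "|".join(fields).encode(), hashlib.sha256).hexdigest()


class ServiceProvider:
    def __init__(self, clock=utcnow):
        self.clock = clock
        self.pending = {}  # AuthnRequest IDs this SP issued and has not yet seen answered

    def build_authn_request(self):
        req_id = "_" + secrets.token_hex(16)  # unpredictable, so a Response cannot target a guessed ID
        self.pending[req_id] = self.clock()
        return req_id, (
            f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{req_id}" '
            f'Version="2.0" IssueInstant="{self.clock().strftime(TIME_FMT)}" '
            f'AssertionConsumerServiceURL="{SP_ACS_URL}"><saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
            f'</samlp:AuthnRequest>')

    def consume_response(self, saml_response_b64):
        """Validate a posted SAMLResponse; return the NameID to log in, or raise ValueError."""
        root = ET.fromstring(base64.b64decode(saml_response_b64))
        a = root.find("saml:Assertion", NS)
        if a is None:
            raise ValueError("no Assertion")
        confirm = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        cond = a.find("saml:Conditions", NS)
        if confirm is None or cond is None:
            raise ValueError("malformed Assertion")
        issuer = a.findtext("saml:Issuer", namespaces=NS)
        subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
        in_response_to = confirm.get("InResponseTo")
        audience = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
        not_on_or_after = cond.get("NotOnOrAfter")
        sig = root.findtext("Signature")
        if None in (issuer, subject, in_response_to, audience, not_on_or_after, sig):
            raise ValueError("missing field")
        # 1. Signature first: nothing in the assertion is trustworthy until it is authenticated.
        if not hmac.compare_digest(sig, _sign(issuer, subject, in_response_to, audience, not_on_or_after)):
            raise ValueError("bad signature")
        if issuer != IDP_ENTITY_ID:  # 2. only the configured IdP may vouch for users
            raise ValueError("untrusted issuer")
        if audience != SP_ENTITY_ID:  # 3. an assertion minted for another SP is not valid here
            raise ValueError("wrong audience")
        if self.pending.pop(in_response_to, None) is None:  # 4. must answer our request, once only
            raise ValueError("unsolicited or replayed response")
        expiry = datetime.strptime(not_on_or_after, TIME_FMT).replace(tzinfo=timezone.utc)
        if self.clock() >= expiry:  # 5. validity window
            raise ValueError("assertion expired")
        return subject


class IdentityProvider:
    def build_response(self, authn_request_xml, user):
        """After authenticating `user` (assumed done), build the SAMLResponse the XHTML form posts back."""
        req_id = ET.fromstring(authn_request_xml).get("ID")
        expiry = (utcnow() + timedelta(minutes=5)).strftime(TIME_FMT)
        sig = _sign(IDP_ENTITY_ID, user, req_id, SP_ENTITY_ID, expiry)
        resp = (
            f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="_{secrets.token_hex(16)}" Version="2.0" InResponseTo="{req_id}">'
            f'<saml:Assertion><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>{user}</saml:NameID><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData InResponseTo="{req_id}" Recipient="{SP_ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions NotOnOrAfter="{expiry}"><saml:AudienceRestriction>'
            f'<saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'</saml:Assertion><Signature>{sig}</Signature></samlp:Response>')
        return base64.b64encode(resp.encode()).decode()


def run_sso(user="alice@example.test"):
    """The four steps from the article, end to end; returns the NameID the SP logs in."""
    sp, idp = ServiceProvider(), IdentityProvider()
    _, authn_request = sp.build_authn_request()       # 1. SP redirects the browser to the SSO service
    posted = idp.build_response(authn_request, user)  # 2-3. SSO service identifies the user, returns the form
    return sp.consume_response(posted)                # 4. SP validates and creates the security context


def rejection_reasons(user="alice@example.test"):
    """Which check fires for a replayed, an unsolicited, an altered and an expired response."""
    sp, idp = ServiceProvider(), IdentityProvider()
    _, req = sp.build_authn_request()
    posted = idp.build_response(req, user)
    sp.consume_response(posted)  # first use succeeds and consumes the pending request ID
    altered = base64.b64encode(base64.b64decode(posted).replace(user.encode(), b"someone-else")).decode()
    late = ServiceProvider(clock=lambda: utcnow() + timedelta(minutes=10))  # clock past NotOnOrAfter
    _, late_req = late.build_authn_request()
    cases = ((sp, posted), (ServiceProvider(), posted), (sp, altered), (late, idp.build_response(late_req, user)))
    reasons = []
    for victim, msg in cases:
        try:
            victim.consume_response(msg)
            reasons.append("accepted")
        except ValueError as e:
            reasons.append(str(e))
    return reasons
```

`run_sso()` returns the NameID the service provider accepts; `rejection_reasons()` shows the order in which the service provider's checks fail for a replayed response, a response no request was issued for, an altered NameID and an expired assertion. The order matters: the signature is verified before any other field is believed, and the request ID is removed from `pending` on first use so the same response cannot log the user in twice.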

With this security context in place, the user can then request the resource he is interested in again, and the resource is finally returned to the user.

SAML SSO Flow:

The diagram beside this text illustrates the single sign-on flow for service provider-initiated SSO, i.e. the case in which an application triggers SSO.

ComponentSpace SDK:

The ComponentSpace SDK simplifies the integration of SAML single sign-on with easy and comprehensible APIs. It provides seamless, secure access to cloud and corporate web applications using a single username and password.