Loading...
Home /  Solutions /  SAML SSO

SAML SSO

SAML based SSO mechanism transfers the user’s identity from one place (the identity provider) to another (the service provider) through an exchange of digitally signed XML documents. The application URL is provided within the end-client application where the SAML is used and the mechanism passes token to automatically open the application.

Why is SAML needed?

Single sign on allows users to access multiple services with single login. By using Single sign-on, user no need to remember number of usernames and passwords. Prior to SAML, products support single sign on by using browser cookies. User authentication state information is maintained in browser cookies, so that re-authentication is not required each time the web user accesses the system. One problem with cookies is, cookies are not transmitted between different domains. With this mechanism users only have to enter one set of credentials to access to their web apps. This greatly increases productivity while keeping data secure. It enables password security and multi-factor authentication ensuring that only authorized users get access to sensitive data.

How SAML Works

The sequence of events goes like this:

  • When a user tries to access the service provider, the service provider in turn checks to see if the user is already authenticated within the system. If not, the service provider starts the authentication process. The service provider redirects the user to the single sign-on (SSO) service.
  • User’s browser sends an authentication request to the SSO service; the service then identifies the user.
  • The SSO service returns an XHTML document, which includes the authentication information needed by the service provider in a SAML Response parameter.
  • The SAML Response parameter is passed on to the service provider. The service provider processes that response and creates a security context for the user; basically, it logs the user in and then tells him where his requested resource is.

    With this information, the user can then request the resource he is interested in again. The resource is finally returned to the user.

SAML SSO Flow:

The diagram below illustrates the single sign-on flow for service provider-initiated SSO, i.e. when an application triggers SSO.


Component space SDK:

Component space SDK succor the integration of SAML single sign-on with easy and comprehensible APIs. It provides a seamless, secure access to cloud and corporate web applications using a single username and password.