SAML 2 For Web Explained In Simple Words
--
I was working on this project a while ago related to SAML Protocol for SSO (Single Sign On) feature. Well, simply to put it into words I had to read a lot to understand how this amazing protocol works and how to use its features.
To start, I will explain what is SAML. SAML is a short Security Assertion Markup Language , meaning its a protocol used to enable authentication and authorization of services between two main services providers that are integrated with each other (SSO), something similar to what some services have like facebook/google login.
The difference here is that this is setup between a company A (ex. PostsNStuff) and a company B (ex. ImportantBusinessPeople). let’s say company ImportantBusinessPeople wants its employees to use a service they integrated with PostsNStuff. but, they want their employees to use that service using the same credentials they have in company ImportantBusinessPeople. this is where the integration of authorization and authentication happen between ImportantBusinessPeople and PostsNStuff happens. I hope I drew a clear picture up there.
To make things easier we’re going to call the companies: IBP (ImportantBusinessPeople) and PNS (PostsNStuff)
Lets start being technical~ish
So the scenario is as follow:
- Employees from IBP opens PNS to use it.
- PNS It requires the user to login using their IBP credentials.
- The user enters those credentials
- Suddenly they’re logged in into the PNS system magically with their information from IBP.
Let’s get more technical.
How does this protocol works?
SAML can be used for many things on Mobile/ sending messages back and forth and other stuff.
We’re going to focus only on the web part of it for logging in in using POST method.
