SAML: An Interesting Overview in 7 Points

Ajay Ohri


Before bouncing into the specialized language, we look at a model that exhibits what is SAML and why it’s useful.

SAML or Security Assertion Markup Language is a normalized approach to tell outside applications and administrations that clients are who they say they are. Security Assertion Markup Language makes Single Sign-On or SSO innovation conceivable by giving an approach to verify a client once and afterward impart that confirmation to numerous applications. The most current form of Security Assertion Markup Language will be SAML 2.0.

In this article let us look at:

  1. What is SAML Used For?
  2. What is a SAML Provider?
  3. SAML Assertion
  4. How Does SAML Work?
  5. SAML Example
  6. SAML vs OAuth
  7. Advantages of SAML Authentication

1. What is SAML Used For?

Security Assertion Markup Language improves combined authorisation and authentication measures for service providers, Identity providers, and users. Security Assertion Markup Language gives an answer to permit your service providers and identity provider to exist independently from one another, incorporating client executives and giving admittance to software as a service solution.

Security Assertion Markup Language executes a protected technique for passing client authorisations and authentications between the service providers and identity provider. When a user signs into a Security Assertion Markup Language empowered application, the service provider demands approval from the suitable identity provider. The identity provider verifies the client’s credentials and afterwards returns the client’s approval to the service provider, and the client is presently ready to utilise the application.

Security Assertion Markup Language authentication is the way toward checking the user’s credentials and identity. Security Assertion Markup Language authorisation tells the service provider what admittance to concede the user authenticated.

2. What is a SAML Provider?

A Security Assertion Markup Language provider is a framework that helps a client access assistance they need. There are two essential sorts of Security Assertion Markup Language providers, identity provider & service provider.

  • Identity provider: It plays out the confirmation that the end-client is who they say they are and sends that information to the service provider alongside the client’s entrance rights for assistance.
  • Service provider: It needs validation from the identity provider to allow approval to the client.

3. SAML Assertion

A Security Assertion Markup Language assertion is a message that tells a service provider that a client is endorsed. Security Assertion Markup Language assertions contain all the data fundamental for a service provider to affirm client identity, including the conditions that make the assertion substantial, the time it was given, and the wellspring of the affirmation.

Consider a Security Assertion Markup Language assertion resembling the substance of a reference for a task competitor: the individual giving the reference says when and for how long they functioned with the applicant, what their job was, and their assessment of the candidate.

4. How Does SAML Work?

Security Assertion Markup Language works by passing data about attributes, logins, and users between the service providers and identity provider. Every client sign in once to SSO with the identity provider. Afterwards, the identity provider can pass Security Assertion Markup Language attributes to the service provider when the client endeavours to get to those administrations.

The service provider demands authentication and authorisation from the identity provider. Since both frameworks communicate in a similar language – Security Assertion Markup Language – the client just requirements to sign in once.

Every service provider and identity provider need to concur upon the setup for Security Assertion Markup Language. The two closures need to have a specific setup for the SAML authentication.

5. SAML Example

  • User logs into Single Sign-On or SSO.
  • The user attempted to access a website page.
  • The service provider checks the user credentials with the identity provider.
  • The identity provider sends authentication and authorisation messages back to the service provider.
  • The user would now be able to log into CRM.

6. SAML vs OAuth

Other than Security Assertion Markup Language not exactly mobile support, what’s the difference between the two SAML vs OAuth is? As we’ve seen, the Security Assertion Markup Language standard characterises how suppliers can offer both authorisation and authentication administrations. OAuth, then again, just arrangements with approval. OpenID Connect is an even more up to date standard, created in the year 2014, that gives validation benefits and is layered on top of OAuth.

OAuth is a fairly more up to date standard than Security Assertion Markup Language, grew together by Twitter and Google starting in the year 2006. It was created to make up for Security Assertion Markup Language inadequacies on mobile platforms and depends on JavaScript Object Notation as opposed to Extensible Markup Language.

7. Advantages of SAML Authentication

Absent a lot of ado, the advantages of SAML Authentication involve:

  • Loose coupling of directories
  • Standardization
  • Increased security
  • Reduced costs for service providers
  • Improved user experience


SAML is an open standard that permits security credentials to be shared by numerous PCs across a network. It depicts a structure that permits one PC to play out some security capacities for at least one different PCs.
Carefully speaking, Security Assertion Markup Language alludes to the Extensible Markup Language variation language utilised to encode this data. The term can likewise cover different SAML protocol profiles and messages that make up part of the norm.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.


Related Articles

Please wait while your application is being created.
Request Callback