The Security Assertion Markup Language (SAML) is an XML-based security protocol. Its basic concept is the exchange of security assertions about a subject (a person or a computer) that is requesting access to a secure domain. An assertion states, for example, whether the subject can access certain resources and whether an external data source, such as a policy store, was consulted.
A typical use of SAML-based authentication is a federated environment, such as cloud-based services that require an extra layer of security beyond the corporate network. Any SAML implementation involves at least three component roles:
The first role uses identity information that is stored on another server to let authorized users gain access to a system; this role is also referred to as the 'service provider.' CA Performance Center has this role when Single Sign-On is configured to use SAML for authentication.
The second role stores identity or security information and provides it when it is requested for authentication purposes. The SAML term for this component is the Identity Provider, or IdP. The CA SiteMinder server has this role, for example.
The third role is the subject: the user (or computer) associated with the identity information that is stored by the IdP.
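The following is an added example, not code from CA Performance Center or CA SiteMinder, showing the checks a service provider performs on an assertion it receives from an IdP about a subject: the issuer must be the expected IdP, the audience must name this service provider, the validity window must contain the current time, and the XML signature must already have been verified. The assertion XML, the entity IDs (https://idp.example.test, https://sp.example.test/saml), the subject name and the clock values are all constructed for illustration.

```python
"""Added example: service-provider-side validation of a SAML 2.0 assertion.
Not CA's code; entity IDs, subject and timestamps are constructed."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the IdP asserts that subject "alice" may access the SP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2013-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2013-06-01T11:59:00Z" NotOnOrAfter="2013-06-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse the UTC timestamp format SAML uses (e.g. 2013-06-01T12:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_issuer, expected_audience, now, signature_verified):
    """Return (ok, reason, subject) for an assertion received by the service provider.

    signature_verified is the outcome of the caller's XML-DSig check against the
    IdP's known signing certificate; that check is outside this example, but no
    other field may be trusted until it has passed.
    """
    if not signature_verified:
        return False, "signature not verified", None

    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return False, "not a SAML assertion", None

    # Only the configured IdP may vouch for subjects.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        return False, "unexpected issuer: %r" % issuer, None

    conditions = root.find("saml:Conditions", namespaces=NS)
    if conditions is None:
        return False, "missing Conditions", None

    # Reject assertions presented outside their validity window.
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before):
        return False, "assertion not yet valid", None
    if not_on_or_after and now >= parse_saml_time(not_on_or_after):
        return False, "assertion expired", None

    # The assertion must be addressed to this service provider, not another one.
    audiences = [
        a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)
    ]
    if expected_audience not in audiences:
        return False, "audience mismatch", None

    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        return False, "missing subject", None
    return True, "ok", subject


if __name__ == "__main__":
    now = parse_saml_time("2013-06-01T12:01:00Z")
    print(validate_assertion(SAMPLE_ASSERTION, "https://idp.example.test",
                             "https://sp.example.test/saml", now, True))
```

The example uses the standard library parser for brevity; a service provider that parses assertions from the network should use a hardened XML parser (entity expansion and external entities disabled) and must verify the signature over the assertion before reading any of its fields, since the issuer, audience and subject checks above are only meaningful once the document is known to come from the IdP.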
Copyright © 2013 CA. All rights reserved.