What is a SAML Assertion?
A SAML Assertion is an XML document that the identity provider sends to the service provider containing the user's authentication, attribute and authorization information.
A SAML Assertion is of three types:
- Authentication
  - It proves the identity of the user.
  - It provides the time at which the user logged in.
  - It also records which method of authentication was used.
- Attribute
  - An attribute assertion is used to pass SAML attributes to the service provider, where each attribute contains a piece of data about the authenticated user.
- Authorization decision
  - An authorization decision determines whether the user is authorized to use the service, or whether the identity provider denied the request (for example, because the password check failed).
Working of SAML
1. When a user tries to access a resource on the server, the service provider checks whether the user is already authenticated within the system. If you are, skip to step 7; if you are not, the service provider starts the authentication process.
2. The service provider determines the appropriate identity provider for you and redirects the request to that identity provider.
3. An authentication request is sent to the SSO (Single Sign-On) service, and the SSO service identifies you.
4. The SSO service returns an XHTML document that contains the authentication information required by the service provider in a SAMLResponse parameter.
5. The SAMLResponse parameter is passed to the Assertion Consumer Service (ACS) at the service provider.
6. The service provider processes the request and creates a security context; you are automatically logged in.
7. After login, you can request the resource you want.
8. Finally, the resource is returned to you.
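The following added example (not code from the original page) models what the Assertion Consumer Service does between step 5 and step 6: it decodes the SAMLResponse parameter, ties it back to the request the service provider issued in step 2, checks the identity provider's status code and issuer, enforces the assertion's validity window and audience, and only then builds the security context. The SP entity ID, IdP issuer, request ID, response XML and timestamps are all constructed for illustration. One thing the example deliberately leaves out is XML signature verification, which a real ACS must do first (typically through a SAML library backed by xmlsec); without it, none of the checks below can be trusted.

```python
# Added example: the service provider's ACS validating a SAMLResponse before
# creating a security context. Identifiers, URLs and timestamps are constructed.
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SP_ENTITY_ID = "https://sp.example.com/metadata"   # assumed identifier of this SP
TRUSTED_IDP = "https://idp.example.org"            # assumed issuer of the trusted IdP
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Request IDs the SP generated in step 2 and has not yet seen a response for.
PENDING_REQUESTS = {"_req42"}

RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-15T10:00:00Z"
    InResponseTo="_req42" Destination="https://sp.example.com/acs">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-15T10:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-15T09:59:00Z" NotOnOrAfter="2024-01-15T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-01-15T09:59:50Z" SessionIndex="_s1"/>
  </saml:Assertion>
</samlp:Response>"""

# The XHTML form from step 4 POSTs the response base64-encoded in this parameter.
SAML_RESPONSE_PARAM = base64.b64encode(RESPONSE_XML.encode()).decode()


def parse_time(value):
    """SAML timestamps are UTC in xsd:dateTime form."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_saml_response(param, now, pending):
    """Validate a SAMLResponse and return the security context, or raise ValueError.

    Signature verification is out of scope for this example: a real ACS verifies
    the IdP's XML signature over the Response/Assertion before any check below.
    """
    root = ET.fromstring(base64.b64decode(param))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML Response")

    # The response must answer a request this SP issued, and only once (replay guard).
    req_id = root.get("InResponseTo")
    if req_id not in pending:
        raise ValueError("unsolicited or replayed response")
    pending.discard(req_id)

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("identity provider reported failure")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no assertion in response")
    if assertion.findtext("saml:Issuer", namespaces=NS) != TRUSTED_IDP:
        raise ValueError("assertion from an unknown issuer")

    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no conditions")
    if now < parse_time(cond.get("NotBefore")) or now >= parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not intended for this service provider")

    # Step 6: everything checked out, so build the session's security context.
    authn = assertion.find("saml:AuthnStatement", NS)
    return {
        "user": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "session_index": authn.get("SessionIndex") if authn is not None else None,
        "authenticated_at": authn.get("AuthnInstant") if authn is not None else None,
    }


if __name__ == "__main__":
    now = parse_time("2024-01-15T10:00:30Z")
    print("security context:", consume_saml_response(SAML_RESPONSE_PARAM, now, set(PENDING_REQUESTS)))
```

The `pending` set stands in for whatever store the service provider keeps of outstanding request IDs; discarding the ID on first use is what stops the same SAMLResponse from logging a user in twice. The time comparison uses a clock supplied by the caller so the validity-window check can be exercised against fixed timestamps.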