SAML 2.0 federations

The Federation Module supports SAML 2.0 federations.

SAML 2.0 is a protocol that you can use to perform federated single sign-on from identity providers to service providers. In federated single sign-on, users authenticate at identity provider. Service providers consume the identity information asserted by identity providers.

SAML 2.0 relies on the use of SOAP, among other technologies, to exchange XML messages over computer networks. The XML messages are exchanged through a series of requests and responses.

In this process, one of the federation partners sends a request message to the other federation partner. Then, that receiving partner immediately sends a response message to the partner who sent the request.

The SAML specifications include descriptors to establish a federation, initialize, and manage single sign-on. The following descriptors specify the structure, content of the messages, and the way the messages are communicated between partners and users.
Assertions
XML-formatted tokens that are used to transfer user identity information, such as the authentication, attribute, and entitlement information, in the messages.
Protocols
The types of request messages and response messages that are used for obtaining authentication data and for managing identities.
Bindings
The communication method that is used to transport the messages.
Profiles
Combinations of protocols, assertions, and bindings that are used together to create a federation and enable federated single sign-on.

You and your partner must use the same SAML specification (2.0) and agree on which protocols, bindings, and profiles to use.