SAML (Security Assertion Markup Language) is an XML standard for exchanging single sign-on information. It relies on SOAP, among other technologies, to exchange XML messages over computer networks. The messages are exchanged in a series of requests and responses: one federation partner sends a request message to the other partner, and the receiving partner returns a response message to the partner that sent the request.
Tivoli® Federated Identity Manager supports the following OASIS SAML specifications for exchanging information in a federation:
- SAML 1.0 and 1.1 (1.x)
- SAML 2.0
The SAML specifications define the following components, which are used to establish a federation and to initiate and manage single sign-on. Together they specify the structure and content of the messages and the way the messages are exchanged between partners and users.
- Assertions: XML-formatted tokens that carry user identity information, such as authentication, attribute, and entitlement (authorization decision) statements, in the messages.
- Protocols: The types of request messages and response messages that are used to obtain authentication data and to manage identities.
- Bindings: The communication method (for example, HTTP redirect, HTTP POST, or SOAP) used to transport the messages.
- Profiles: Combinations of protocols, assertions, and bindings that are used together to create a federation and enable federated single sign-on.
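The request/response exchange and the four components above, as an added example that is not part of the original IBM documentation or of the Tivoli Federated Identity Manager product: a Python script that builds an SP-initiated SAML 2.0 AuthnRequest (protocol), encodes it for the HTTP-Redirect binding, and validates a constructed IdP Response carrying an Assertion before extracting the subject and attributes. The entity IDs, URLs, and the IdP response are hypothetical and constructed for the example; the response's ds:Signature is an empty placeholder, so the script only checks that a signature element is present and leaves cryptographic XML-DSig verification to a library such as xmlsec.

```python
"""SP-initiated SAML 2.0 Web Browser SSO reduced to its parts (added example, not TFIM code).
protocol  = <samlp:AuthnRequest> from the SP, <samlp:Response> from the IdP
assertion = the <saml:Assertion> carried inside the response
binding   = HTTP-Redirect: raw DEFLATE + base64 + URL-encoding of the request
Entity IDs and URLs are hypothetical; the IdP response is constructed here and its
ds:Signature is an empty placeholder, so only the non-cryptographic checks are real."""
import base64
import datetime as dt
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET  # use defusedxml in production against entity-expansion attacks

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"    # hypothetical service provider
SP_ACS_URL = "https://sp.example.com/saml/acs"           # hypothetical assertion consumer URL
IDP_ENTITY_ID = "https://idp.example.com/saml/metadata"  # hypothetical identity provider
IDP_SSO_URL = "https://idp.example.com/saml/sso"         # hypothetical IdP SSO endpoint


def parse_time(s):
    """SAML timestamps are UTC xsd:dateTime values ending in Z."""
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def build_authn_request(request_id=None, issue_instant=None):
    """Protocol message from the SP; the ID is an xsd:ID the SP must remember for InResponseTo."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
            f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
            f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')


def encode_redirect(xml_text, relay_state=""):
    """HTTP-Redirect binding: the SP sends the request as a query parameter of a redirect."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)       # wbits=-15: raw DEFLATE, no zlib header
    data = comp.compress(xml_text.encode()) + comp.flush()
    query = {"SAMLRequest": base64.b64encode(data).decode()}
    if relay_state:
        query["RelayState"] = relay_state
    return IDP_SSO_URL + "?" + urllib.parse.urlencode(query)


def decode_redirect(url):
    """What the IdP does on receipt: undo the HTTP-Redirect encoding."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()


def sample_response(request_id, signed=True, not_on_or_after="2030-01-01T00:00:00Z"):
    """Constructed IdP response (not real IdP output) answering the given request."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if signed else ""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
  Version="2.0" IssueInstant="2024-01-01T00:00:00Z" InResponseTo="{request_id}" Destination="{SP_ACS_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>{sig}
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z"/>
    <saml:AttributeStatement><saml:Attribute Name="role">
      <saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def validate_response(xml_text, expected_request_id, now):
    """Checks an SP must make before trusting an assertion; raises ValueError on failure.
    Signature handling is presence-only here: XML-DSig verification against the IdP's
    known certificate must be done with a library such as xmlsec before the result is used."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo matches no outstanding request (unsolicited or replayed)")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.find("ds:Signature", NS) is None:
        raise ValueError("missing or unsigned assertion")
    if assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion issued by an untrusted IdP")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not intended for this SP")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS), "attributes": attrs}
```

Running `validate_response` against `sample_response(request_id)` returns the NameID and attribute map; the same function rejects a response whose InResponseTo does not match the request the SP issued, whose assertion has no signature element, whose audience is another SP, or whose validity window has passed. Those are the checks that an SP-side implementation commits to before it maps the assertion to a local session.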
When using Tivoli Federated Identity Manager, you and your partner must do the following tasks:
- Use the same SAML specification (1.0, 1.1, or 2.0).
- Agree on which protocols, bindings, and profiles to use.
- Exchange the signing certificates that each side needs to validate the other's messages; an assertion whose signature cannot be checked against a known partner certificate must not be trusted.
The next topics provide brief descriptions of how the SAML 1.x and SAML 2.0 specifications are used in Tivoli Federated Identity Manager. These descriptions do not provide all of the details of the specifications; see the OASIS specification documents at http://www.oasis-open.org/specs/index.php for more details.