SAML 2.0
The Federation Module relies on the SAML 2.0 specification to establish a federation and to initialize and manage single sign-on.
Assertions
Assertions contain authentication statements, which assert that the principal (that is, the entity that requests access) was authenticated. Assertions can also carry attributes about the user that the identity provider wants to make available to the service provider.
Assertions are typically passed from the identity provider to the service provider.
The content of the assertions that are created is controlled by the SAML 2.0 specification. You select these assertions when you establish a federation, and also through the definitions that are used in the identity mapping method that you configure.
The identity mapping method can either be a custom mapping module or a JavaScript mapping rule. The identity mapping also specifies how identities are mapped between federation partners.
Protocols
- Authentication request
- Single logout
- Artifact resolution
- Name identifier management