SAML Federations Overview

The Federation Module supports SAML 1.1 and 2.0 federations.

SAML (Security Assertion Markup Language) is a protocol that you can use to perform federated single sign-on from identity providers to service providers. In federated single sign-on, users authenticate at identity provider. Service providers consume the identity information asserted by identity providers.

SAML relies on the use of SOAP, among other technologies, to exchange XML messages over computer networks. The XML messages are exchanged through a series of requests and responses.

In this process, one of the federation partners sends a request message to the other federation partner. Then, that receiving partner immediately sends a response message to the partner who sent the request.

The SAML specifications include descriptors to establish a federation, initialize, and manage single sign-on. The following descriptors specify the structure, content of the messages, and the way the messages are communicated between partners and users.

Assertions: XML-formatted tokens that are used to transfer user identity information, such as the authentication, attribute, and entitlement information, in the messages.
Protocols: The types of request messages and response messages that are used for obtaining authentication data and for managing identities.
Bindings: The communication method that is used to transport the messages.
Profiles: Combinations of protocols, assertions, and bindings that are used together to create a federation and enable federated single sign-on.

You and your partner must use the same SAML specification and agree on which protocols, bindings, and profiles to use.