SAML is an open standard for the exchange of authentication and authorization data between an identity provider and a service provider.

Single Sign-On (SSO) is the most important use case. SAML was defined by OASIS; see the OASIS specs for SAML 2.0. The following specifications are made available:

  • The 'core' SAML assertions and protocols specification SAMLCore - Assertions and Protocols defines the SAML assertions and request-response protocol messages themselves.
  • The SAML bindings specification SAMLBind defines bindings of SAML protocol messages to underlying communications and messaging protocols.
  • The SAML profiles specification SAMLProf specifies profiles that define the use of SAML assertions and request-response messages in communications protocols and frameworks, as well as profiles that define SAML attribute value syntax and naming conventions.
  • The SAML conformance document SAMLConform lists all of the specifications that comprise SAML V2.0.
  • The SAML Authentication Context specification SAMLAuthnCxt defines a syntax for the definition of authentication context declarations and an initial list of authentication context classes.
  • The SAML Metadata specification SAML Metadata is useful for describing agreements between various systems in a standardized way.

The following picture gives an overview of the various concepts and specification documents in SAML and how they relate to one another:

[Figure: SAML specification documents]