SAML is an open standard for the exchange of authentication and authorization data between an identity provider and a service provider.
Single Sign-On (SSO) is its most important use case. SAML was defined by OASIS (see the OASIS specs for SAML 2.0), and the following specifications are available:
- The 'core' SAML assertions and protocols specification SAMLCore - Assertions and Protocols defines the SAML assertions and request-response protocol messages themselves.
- The SAML bindings specification SAMLBind defines bindings of SAML protocol messages to underlying communications and messaging protocols.
- The SAML profiles specification SAMLProf specifies profiles that define the use of SAML assertions and request-response messages in communications protocols and frameworks, as well as profiles that define SAML attribute value syntax and naming conventions.
- The SAML conformance document SAMLConform lists all of the specifications that comprise SAML V2.0.
- The SAML Authentication Context specification SAMLAuthnCxt defines a syntax for the definition of authentication context declarations and an initial list of authentication context classes.
- The SAML metadata specification SAML Metadata is useful for describing agreements between various systems in a standardized way.
The following picture gives an overview of the various concepts and specification documents in SAML and how they relate to one another: