LLMpedia: The first transparent, open encyclopedia generated by LLMs

SAML 2.0

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
SAML 2.0
Name: SAML 2.0
Developer: OASIS
Released: 2005
Latest release: 2.0
Operating system: Cross-platform
License: Open standard

SAML 2.0 (Security Assertion Markup Language 2.0) is an XML-based open standard for exchanging authentication and authorization data between parties, particularly between identity providers and service providers. It enables single sign-on and federated identity scenarios across disparate systems, facilitating interoperability among implementations from major vendors and standards organizations. The specification is maintained by OASIS and has influenced federated identity approaches used by enterprises, governments, and cloud providers.

Overview

SAML 2.0 defines assertions, protocols, bindings, and profiles to convey identity assertions between an Identity Provider (IdP) and a Service Provider (SP), enabling trust relationships among entities like Microsoft, Google, Amazon, IBM, and Oracle Corporation. The format leverages XML technologies standardized by W3C and cryptographic mechanisms specified by IETF, typically through libraries aligned with FIPS Publication 140-2 from vendors such as RSA Security LLC and Thales Group. Implementations interoperate across products from VMware, Ping Identity, Okta, OneLogin, and open-source projects including Shibboleth and SimpleSAMLphp.

History and Development

Work on SAML originated in the early 2000s within a consortium of organizations led by entities like OASIS, Liberty Alliance, Microsoft Research, and contributors from Sun Microsystems and Novell. The SAML 2.0 specification consolidated lessons from earlier versions and from federated identity work by Liberty Alliance Project and standards efforts involving Liberty ID-FF and WS-Federation. Key industry events influencing adoption included collaborations with ECMA International and dialogues at venues such as RSA Conference and Internet Engineering Task Force. Governments and academic consortia, including projects at Stanford University and Internet2, also contributed deployment experience.

Architecture and Components

The SAML 2.0 architecture comprises Assertions, Protocols, Bindings, and Profiles that map to operational roles such as Identity Provider, Service Provider, and Discovery Service; major vendors like Cisco Systems, HP, Dell Technologies, and Red Hat provide components implementing these roles. Assertions assert authentication statements, attribute statements, and authorization decisions; attribute schemas often align with directories such as Active Directory and LDAP deployments from NetIQ or OpenLDAP Project. Metadata exchange, trust establishment, and key management integrate with certificate authorities like Let's Encrypt and enterprise PKI from Entrust.

Protocols and Bindings

SAML 2.0 specifies request and response protocols and supports multiple bindings over transport layers such as HTTP Redirect, HTTP POST, HTTP Artifact, and SOAP, enabling message exchange patterns used by products from Apache Software Foundation projects and service integrations with Salesforce, ServiceNow, and Workday. The Artifact binding interacts with back-channel exchanges similar to patterns in SOAP messaging used by Oracle WebLogic Server and IBM WebSphere, while HTTP POST binding is commonly used in web browser SSO flows implemented by Citrix Systems and F5 Networks.
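The HTTP Redirect binding mentioned above carries the protocol message in the URL query string, so the XML is first DEFLATE-compressed, then base64-encoded, then URL-encoded as the SAMLRequest parameter. The following is an added example, not code from the article or from any SAML library: a Service Provider side that builds a minimal AuthnRequest and the redirect URL, and an Identity Provider side that reverses the encoding and reads the request back. Function names, entity IDs and URLs are constructed for illustration; signing of the redirect query string (the SigAlg and Signature parameters) is out of scope and marked in a comment.

```python
"""Added example of the SAML 2.0 HTTP-Redirect binding encoding (DEFLATE,
base64, URL-encode) and its inverse. Not from the article or any SAML
library; all names, entity IDs and URLs are constructed for illustration."""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(request_id, issuer, acs_url, destination, issue_instant):
    # Minimal AuthnRequest: the SP asks the IdP to authenticate the browser user
    # and return the response to its Assertion Consumer Service (ACS) via HTTP POST.
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{destination}" AssertionConsumerServiceURL="{acs_url}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"</samlp:AuthnRequest>"
    )


def deflate_encode(xml_text):
    # Redirect binding uses raw DEFLATE (no zlib header, hence wbits=-15), then base64.
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return base64.b64encode(raw).decode("ascii")


def deflate_decode(value):
    # Inverse of deflate_encode; raises zlib.error on malformed input.
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def build_redirect_url(sso_url, xml_text, relay_state=None):
    # urlencode percent-encodes the '+', '/' and '=' characters of the base64 value.
    params = {"SAMLRequest": deflate_encode(xml_text)}
    if relay_state is not None:
        params["RelayState"] = relay_state
    # A signed redirect would also append SigAlg and Signature parameters computed
    # over the query string; that step is assumed to be done by an XML-DSig library.
    return f"{sso_url}?{urlencode(params)}"


def decode_redirect_request(url):
    # IdP side: extract, inflate and parse the AuthnRequest from the redirect URL.
    qs = parse_qs(urlsplit(url).query)
    xml_text = deflate_decode(qs["SAMLRequest"][0])
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "id": root.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state": qs.get("RelayState", [None])[0],
    }


def demo_round_trip():
    # Constructed SP -> IdP exchange; returns the decoded request for inspection.
    request_xml = build_authn_request(
        "_req42", "https://sp.example.com", "https://sp.example.com/acs",
        "https://idp.example.org/sso", "2024-05-01T12:00:00Z",
    )
    url = build_redirect_url("https://idp.example.org/sso", request_xml, relay_state="/dashboard")
    return decode_redirect_request(url)


if __name__ == "__main__":
    print(demo_round_trip())
```

The receiving IdP must still check that Destination names its own endpoint and verify the query-string signature before acting on the request; the decoding shown here only recovers the message.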

Profiles and Use Cases

Profiles such as Web Browser SSO, Single Logout, and Enhanced Client or Proxy map SAML constructs to real-world scenarios in enterprises, higher education, and cloud federations involving institutions like University of Michigan, Harvard University, European Commission, and companies including Salesforce and Adobe Inc. Use cases include cross-domain single sign-on for portals managed by Atlassian, federated access to research resources in Internet2 grids, and cloud identity brokering in marketplaces hosted by AWS Marketplace and Azure Marketplace.

Security Considerations

Security in SAML 2.0 centers on message integrity, confidentiality, replay protection, and trust anchored in X.509 certificates issued by authorities like DigiCert, GlobalSign, and Comodo. Threat models discussed in industry forums such as Black Hat, DEF CON, and guidance from NIST highlight risks including XML signature wrapping, assertion replay, and metadata poisoning; mitigations include strict schema validation, short assertion lifetimes, audience restriction checks, and robust key rotation practices used by enterprises like Goldman Sachs and Bank of America. Interoperability testing events coordinated by OASIS and interoperability plugfests hosted at conferences like Kantara Initiative help identify implementation vulnerabilities.
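The mitigations listed above (strict structural validation against signature wrapping, short assertion lifetimes, audience restriction checks, replay protection) are the checks a Service Provider applies to every received Response before trusting its subject. The following is an added example, not code from the article or from any SAML implementation: a validator that requires exactly one Assertion placed directly under the Response, requires the signature's Reference to point at that Assertion's ID, enforces NotBefore/NotOnOrAfter with a clock-skew allowance, checks AudienceRestriction against the SP's entity ID, and rejects replays both by matching InResponseTo to an outstanding request and by remembering accepted assertion IDs. Cryptographic verification of the XML signature is assumed to be done by an XML-DSig library and is marked where it belongs; the sample Response, entity IDs and class names are constructed.

```python
"""Added example of Service Provider side SAML 2.0 Response checks: signature
wrapping pre-checks, lifetime, audience and replay. Not from the article or
any SAML library; all names and the sample Response are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"


def _q(ns, local):
    return f"{{{ns}}}{local}"


def parse_instant(value):
    # SAML timestamps are UTC ISO 8601 with a trailing 'Z'.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class AssertionValidator:
    def __init__(self, sp_entity_id, idp_entity_id, outstanding_request_ids, skew_seconds=60):
        self.sp_entity_id = sp_entity_id
        self.idp_entity_id = idp_entity_id
        self.outstanding = set(outstanding_request_ids)  # request IDs we issued, consumed once
        self.seen_assertion_ids = set()                   # replay cache (shared store in production)
        self.skew = timedelta(seconds=skew_seconds)

    def validate(self, response_xml, now):
        # Returns (accepted, reason_or_subject).
        root = ET.fromstring(response_xml)
        if root.tag != _q(SAMLP, "Response"):
            return False, "not a samlp:Response"
        # Wrapping defence: count every Assertion anywhere in the document, not just the first.
        assertions = root.findall(f".//{_q(SAML, 'Assertion')}")
        if len(assertions) != 1:
            return False, f"expected exactly one Assertion, found {len(assertions)}"
        assertion = assertions[0]
        if root.find(_q(SAML, "Assertion")) is not assertion:
            return False, "Assertion is not a direct child of Response"
        issuer = assertion.find(_q(SAML, "Issuer"))
        if issuer is None or issuer.text != self.idp_entity_id:
            return False, "unexpected Issuer"
        aid = assertion.get("ID")
        sig = assertion.find(_q(DS, "Signature"))
        ref = None if sig is None else sig.find(f"{_q(DS, 'SignedInfo')}/{_q(DS, 'Reference')}")
        if ref is None or ref.get("URI") != f"#{aid}":
            return False, "signature Reference does not cover this Assertion"
        # Cryptographic verification of <ds:Signature> against the IdP's metadata key
        # goes here (assumed to be performed by an XML-DSig library).
        conds = assertion.find(_q(SAML, "Conditions"))
        if conds is None:
            return False, "missing Conditions"
        not_before, not_on_or_after = conds.get("NotBefore"), conds.get("NotOnOrAfter")
        if not_before and now + self.skew < parse_instant(not_before):
            return False, "assertion not yet valid"
        if not_on_or_after is None or now - self.skew >= parse_instant(not_on_or_after):
            return False, "assertion expired or has no NotOnOrAfter"
        audiences = [a.text for a in conds.findall(f"{_q(SAML, 'AudienceRestriction')}/{_q(SAML, 'Audience')}")]
        if self.sp_entity_id not in audiences:
            return False, "audience mismatch"
        if aid in self.seen_assertion_ids:
            return False, "assertion replayed"
        in_response_to = root.get("InResponseTo")
        if in_response_to not in self.outstanding:
            return False, "InResponseTo does not match an outstanding request"
        self.outstanding.discard(in_response_to)
        self.seen_assertion_ids.add(aid)
        name_id = assertion.find(f"{_q(SAML, 'Subject')}/{_q(SAML, 'NameID')}")
        return True, (name_id.text if name_id is not None else None)


def build_sample_response(assertion_id="_a1", audience="https://sp.example.com", in_response_to="_req42",
                          not_on_or_after="2024-05-01T12:05:00Z", reference_uri=None, extra=""):
    # Constructed sample; the Signature element is a structural placeholder, not a real XML-DSig.
    ref = reference_uri if reference_uri is not None else f"#{assertion_id}"
    return f'''<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}"
  ID="_resp1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z" InResponseTo="{in_response_to}">
  <saml:Issuer>https://idp.example.org</saml:Issuer>{extra}
  <saml:Assertion ID="{assertion_id}" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="{ref}"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>'''


NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)


def run_checks():
    # Exercises the validator on a good Response and on each failure mode; returns the outcomes.
    v = AssertionValidator("https://sp.example.com", "https://idp.example.org", ["_req42"])
    wrapped = build_sample_response(extra='<samlp:Extensions><saml:Assertion ID="_evil"/></samlp:Extensions>')
    return {
        "good": v.validate(build_sample_response(), NOW),
        "replay": v.validate(build_sample_response(), NOW),
        "expired": v.validate(build_sample_response(), NOW + timedelta(hours=1)),
        "audience": v.validate(build_sample_response(audience="https://other.example"), NOW),
        "wrapped": v.validate(wrapped, NOW),
        "bad_reference": v.validate(build_sample_response(assertion_id="_a2", reference_uri="#_a1"), NOW),
    }


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(name, outcome)
```

The ordering matters: structural checks and signature coverage come before any use of the assertion's contents, so an unsigned or wrapped element never reaches the conditions logic, and the replay cache is only updated once every other check has passed.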

Implementations and Adoption

SAML 2.0 is widely implemented in commercial products from Microsoft, Okta, Ping Identity, OneLogin, Oracle Corporation, and IBM, and in open-source software such as Shibboleth, SimpleSAMLphp, OpenSAML, and mod_auth_mellon. Large-scale deployments include federations like eduGAIN, government identity ecosystems in countries such as United Kingdom, Australia, and Canada, and enterprise cloud federations used by Netflix and Spotify. Adoption has been supported by industry consortia including OASIS, Liberty Alliance Project, and Kantara Initiative to promote best practices and interoperability testing.

Category:Computer security standards