SAML

Overview

Security Assertion Markup Language (SAML) is primarily used to implement the Single Sign-On between one or multiple Service Providers and one IDentity Provider.

Usage

User Agent

A user agent, usually a web browser, requests resources protected by a SAML service provider.

Service Provider

The service provider with redirect the user agent to the trust identity provider to authenticate the user.

SAMLResponse

After the successful authentication and getting the SAMLReponse from the identity provider, the user agent will submit SAMLResponse to the SP to log into the service.

Sign-In

The service provider validates the SAMLReponse with the certification of the trust Identity provider.

Identity Provider

Application

Cloud

Google Cloud

Single sign-on  |  Identity and access management  |  Google CloudGoogle Cloud

AWS IAM Identity Center

Single-Sign On SAML - SSO Provider - AWS IAM Identity Center - AWSAmazon Web Services, Inc.

Azure

What is single sign-on? - Microsoft EntraMicrosoftLearn

Labs

• PentesterLab - SAML: Introduction

• HackTheBox Academic - Attacking Authentication Mechanisms