Types of SAML providers
SAML provider is an entity within a system that helps the user to access the services that he or she wants.
There are two types of SAML providers:
- Service provider
- Identity provider
- It is an entity within a system that provides the services to the users for which they are authenticated.
- Service provider requires the authentication from the identity provider that grants the access to the user.
- Salesforce and other CRM are the common service providers.
- An identity provider is an entity within a system that sends the authentication to the service provider is about who they are along with the user access rights.
- It maintains a directory of the user and provides an authentication mechanism.
- Microsoft Active Directory and Azure are the common identity providers.
What is a SAML Assertion?
A SAML Assertion is an XML document that the identity provider sends to the service provider containing user authorization.
SAML Assertion is of three types:
- It proves the identification of the user
- It provides the time at which the user logged in.
- It also determines which method of authentication has been used.
- An attribute assertion is used to pass the SAML attributes to the service provider where attribute contains a piece of data about the user authentication.
- Authorization decision
- An authorization decision determines whether the user is authorized to use the service or identity provider denied the request due to the password failure.
Working of SAML