SAML AuthStates
SAML (Security Assertion Markup Language) is a standard defined by OASIS. It describes the data structures, messages and protocols used to acquire, propagate and consume identity and other security-related information in a distributed environment.
The use case most often used to explain SAML is a distributed internet environment in which a user authenticates with an identity provider and may then use that authentication on another site (e.g., a credit card company) for payment. The SAML assertion, which contains the signed identity of the authenticated user, is the most important data structure used to establish this link.
The assertion may be embedded in a SOAP/WSS header (SOAP binding), a browser POST (POST binding), encoded in a URL (redirect binding) or referenced in a URL or form (artifact binding).
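To make the difference between the browser-facing bindings concrete, the following added example (not code from the product documented here) recognises the redirect, POST and artifact bindings in an incoming request and decodes the message for inspection. The parameter names `SAMLRequest`, `SAMLResponse` and `SAMLart` and the raw-DEFLATE-plus-base64 encoding come from the SAML 2.0 bindings specification; the `MAX_XML` limit, the `sp.example` host and the sample message are assumptions constructed for the example, and the SOAP binding is not covered.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_XML = 64 * 1024  # assumed cap on an inflated message, guards against deflate bombs


def decode_redirect(value):
    """Redirect binding: base64 of a raw DEFLATE stream (no zlib header)."""
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(value), MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated SAML message exceeds MAX_XML")
    return xml


def classify(method, url, form=None):
    """Return (binding, payload): decoded XML bytes or the opaque artifact."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    form = form or {}
    if "SAMLart" in query or "SAMLart" in form:
        return "artifact", query.get("SAMLart") or form["SAMLart"]
    for name in ("SAMLRequest", "SAMLResponse"):
        if method == "POST" and name in form:
            return "post", base64.b64decode(form[name])  # POST binding: base64 only
        if method == "GET" and name in query:
            return "redirect", decode_redirect(query[name])
    return None, None


def root_element(xml_bytes):
    """Local name of the root element; inspection only, verifies no signature."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML messages never need a DTD
        raise ValueError("DOCTYPE not allowed in SAML message")
    return ET.fromstring(xml_bytes).tag.split("}")[-1]


# Constructed sample message, not taken from any real deployment.
SAMPLE = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')

if __name__ == "__main__":
    deflater = zlib.compressobj(wbits=-15)
    packed = base64.b64encode(deflater.compress(SAMPLE) + deflater.flush()).decode()
    url = "https://sp.example/acs?" + urlencode({"SAMLResponse": packed})
    binding, payload = classify("GET", url)
    print(binding, root_element(payload))
```

Decoding only exposes the XML for logging or triage. Trust in the assertion still depends on validating its signature and conditions, which this example does not do.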
The SAML AuthStates provide support for authentication (verifying SAML assertions as a service provider) and authentication post-processing (generating SAML assertions as an identity provider (IdP)). The following use cases and standards are available:
- SAML 2.0 Web Browser SSO Profile as identity provider and as service provider.
- SAML 2.0 Single Logout and Concurrent Logout Profiles as identity provider and as service provider.
- Extension mechanisms using plug-ins. Support for SuisseID attribute extension.