Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online identity provider to authenticate users who are trying to access secure content.
The SAML specification defines three roles:
The principal (typically a user)
The Identity Provider (IdP)
The service Provider (SP)
In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision - in other words it can decide whether to perform some service for the connected principal.
Let us take an example to show you how to configure miniOrange Self-Service Console as a service provider by accepting a SAML assertion generated by the miniOrange IDP.
Register a Service Provider on the Identity Server:
Add Issuer as miniOrange
Assertion Consumer URL as https://auth.miniorange.co.in/moas/samlresponse
Make sure Enable Attribute Profile is checked
Add email address in Attribute Claims
Make sure Include Attributes in the Response Always is checked
User selects SAML SSO from End User Sign In window to login using miniOrange Identity Server.
miniOrange Authentication Service sends an authentication SAML request along with Attribute Query to miniOrange Identity Server along with the Consumer Index generated after registering miniOrange as a Service Provider on the Identity Server.
miniOrange IdP parses the SAML request and redirects to Identity Server Login page.
User enters the username & password. If valid credentials are entered, IdP sends an encoded SAML Response to the miniOrange Authentication Service with the email address of the user.
miniOrange Authentication Service receives SAML response, decodes it, parses the email ID of the user. If a valid email address is found, it logs in the user into self-service console.