Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between business entities. It is a product of the OASIS Security Services Technical Committee. The SAML specification defines three roles in its security configurations:
Principal: Requests a Web service. Typically, a user.
Identity provider (IdP): Authenticates the user and makes the access control decision, that is, it asserts whether the authenticated user has the permissions required to access the Web service.
Service provider (SP): A program or a Web application that can service a Principal's requests. Typically, a Web application.
The following diagram represents a SAML security implementation:
A general scenario implementing SAML for security configuration is as follows:
1. A user (Principal) requests a service from a REST Web application (Service Provider).
2. The REST Web application requests and obtains an identity assertion from the Progress Identity provider (IdP).
3. On the basis of the assertion, the service is performed only if the user has the required permissions for accessing the REST Web application service; otherwise, the service is not performed.

Also, in a SAML security implementation, one Identity Provider can provide SAML assertions to many Service Providers, and a Service Provider can trust assertions from many independent Identity Providers.