What is SAML?

The Security Assertion Markup Language (SAML) standard defines a framework for exchanging security information between online business partners. It was developed by the Security Services Technical Committee (SSTC) of the standards organization OASIS (the Organization for the Advancement of Structured Information Standards). SAML defines a common XML framework for exchanging security assertions between entities. SAML delivers the following benefits:

• Overcome limitations of browser cookies to enable standards-based cross-domain SSO - Most existing single sign-on products use browser cookies to maintain state so that re-authentication is not required. Browser cookies are not transferred between DNS domains, however, so if you obtain a cookie from www.abc.com then that cookie cannot be sent to www.xyz.com. Therefore, to enable the cross-domain single sign-on, products implement proprietary technologies and solve the problem in different ways. SAML provides this a standard way of enabling cross-domain single sign-on.
• Enable SSO interoperability - Organizations looking to implement cross-domain SSO across their organization and trading partners will need to implement the same proprietary SSO and cross-domain SSO product across all the domains. This requirement, which can be difficult to support, is eliminated by SAML's standard implementation which enables interoperability across all products that support the standard.
• Provide support for Web Services - The SAML standard provides the means by which authentication and authorization assertions can be exchanged between communicating parties in a Web Services environment.
  

Entegrity's Commitment to SAML

Entegrity Solutions is committed to delivering standards-based solutions and is an active participant in a number of standards activities, including being a founding member of the SAML committee. AssureAccess was the first security product to ship with built-in support for SAML, and Entegrity has participated in all SAML interoperability events.

General SAML Information

• AssureAccess and SAML (data sheet)
• SAML Support in AssureAccess
• SAML and Its Role in Providing a Unified Authentication and Authorization Framework (presentation)

Technical SAML Resources

• Example SAML Messages
  • test_req_assertion - Example of a SAML request for an assertion by supplying an Artifact.
  • test_resp_attr_authn - Example of a SAML response containing an authentication statement and an attribute statement. This message was captured during the SAML 1.1 interoperability demonstration while the Browser/Artifact profile was being demonstrated
  • test_post_signed - Example of a SAML response containing an authentication statement and an attribute statement. This message was captured during the SAML 1.1 interoperability demonstration and was used when demonstrating the Browser/POST profile. The SAML message has been digitally signed.
• Technical Overview of the OASIS Security Assertion Markup Language (SAML) V1.1 (white paper)
• OASIS Security Services Technical Committee Web site

Entegrity Solutions has been named an Approved E-Authentication Technology Provider for the Federal government’s E-Authentication Initiative.