What is SAML?
SAML, short for Security Assertion Markup Language, is an XML-based open standard for exchanging authentication and authorization data between parties, typically across different internet domains. With SAML, users can reach multiple services in different domains through Single Sign-On (SSO): for example, a user who has logged in to an internal corporate system can open a cloud service without entering credentials again, because the corporate login is asserted to the cloud service rather than repeated there. SAML 1.0 was standardized by OASIS in 2002; SAML 2.0, the version in use today, followed in 2005.
SSO between different internet domains requires the exchange of authentication information. SAML splits this work between two roles: the Identity Provider (IdP), which authenticates the user and vouches for the result, and the Service Provider (SP), which hosts the application and relies on the IdP's verdict instead of checking credentials itself.
In the common SP-initiated flow, a user who accesses an SP is redirected to the IdP together with a SAML authentication request (an AuthnRequest). The IdP processes the request, interacts with the user, and performs the authentication. Once the user is successfully authenticated, the IdP issues an Assertion to the SP containing an authentication statement, user attributes, and optionally an authorization decision. Before acting on it, the SP verifies the assertion's XML signature against the IdP's certificate and checks that it is addressed to this SP (audience and recipient), is within its validity window, and answers a request the SP actually sent; only then does it grant access based on the asserted identity and attributes. The SP never handles the user's credentials, which is what makes seamless SSO across many services possible.
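The exchange described above as a worked example, added here and not code from the original page or from F5: Python that builds the AuthnRequest the SP redirects to the IdP (HTTP-Redirect binding), decodes it as the IdP would, and then applies the checks an SP must make on the IdP's Response before trusting the assertion. All entity IDs, URLs, the user alice@example.com and the sample Response are constructed for the example. XML signature verification is represented by the signature_verified argument: the standard library has no XML-DSig implementation, and a real SP must verify the enveloped signature with one (against the IdP certificate from its metadata) before running any of the other checks.

```python
import base64
import datetime as dt
import uuid
import zlib
import xml.etree.ElementTree as ET  # prefer defusedxml in production (entity expansion attacks)
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP, IDP = "https://sp.example.com/metadata", "https://idp.example.com/metadata"  # constructed entity IDs
ACS, SSO = "https://sp.example.com/saml/acs", "https://idp.example.com/sso"      # constructed endpoints
T0 = dt.datetime(2024, 5, 1, 12, 0, tzinfo=dt.timezone.utc)  # fixed clock so the example is reproducible

def _ts(d):  # datetime -> xs:dateTime
    return d.strftime("%Y-%m-%dT%H:%M:%SZ")

def _t(s):  # xs:dateTime -> aware datetime
    return dt.datetime.fromisoformat(s.replace("Z", "+00:00"))

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, now):
    """Step 1 (SP): AuthnRequest in the HTTP-Redirect binding: raw DEFLATE, base64, URL-encode.
    The SP keeps request_id in the user's session so it can check InResponseTo on the way back."""
    request_id = "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{request_id}" '
           f'Version="2.0" IssueInstant="{_ts(now)}" AssertionConsumerServiceURL="{acs_url}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    return request_id, idp_sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def decode_authn_request(url):  # Step 2 (IdP): recover the AuthnRequest element from the redirect URL
    raw = base64.b64decode(parse_qs(urlsplit(url).query)["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(raw, -15))

def validate_response(xml, *, sp_entity_id, acs_url, idp_entity_id, request_id,
                      signature_verified, now, skew=dt.timedelta(seconds=60)):
    """Step 3 (SP): checks that must pass before any field of the assertion is trusted. signature_verified
    is the verdict of an XML-DSig library (assumed, not implemented here) checking the signature against
    the IdP's pinned certificate. Returns (NameID, attributes) or raises ValueError."""
    if not signature_verified:
        raise ValueError("signature missing or invalid")
    root = ET.fromstring(xml)
    if (root.tag != f"{{{NS['samlp']}}}Response" or root.get("InResponseTo") != request_id
            or root.get("Destination", acs_url) != acs_url):
        raise ValueError("not a Response to our request at this endpoint (unsolicited, replayed or redirected)")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:  # extra assertions are the classic XML Signature Wrapping vector
        raise ValueError(f"expected one Assertion, found {len(assertions)}")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        raise ValueError("unexpected Issuer")
    cond = a.find("saml:Conditions", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if cond is None or scd is None:
        raise ValueError("Conditions or SubjectConfirmationData missing")
    for nb, na in ((cond.get("NotBefore"), cond.get("NotOnOrAfter")), (None, scd.get("NotOnOrAfter"))):
        if (nb and now < _t(nb) - skew) or (na and now >= _t(na) + skew):
            raise ValueError("assertion outside its validity window")
    if sp_entity_id not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not intended for this SP")
    if scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        raise ValueError("SubjectConfirmationData does not match this SP and request")
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS), attrs

def sample_response(request_id, audience=SP, copies=1):
    """Constructed IdP Response, valid from T0 for five minutes (Signature element omitted, see above);
    copies > 1 mimics an attacker smuggling extra Assertion elements into a Response."""
    t0, exp = _ts(T0), _ts(T0 + dt.timedelta(minutes=5))
    assertion = (
        f'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="{t0}"><saml:Issuer>{IDP}</saml:Issuer>'
        f'<saml:Subject><saml:NameID>alice@example.com</saml:NameID><saml:SubjectConfirmation '
        f'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData Recipient="{ACS}" '
        f'InResponseTo="{request_id}" NotOnOrAfter="{exp}"/></saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions NotBefore="{t0}" NotOnOrAfter="{exp}"><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement><saml:Attribute Name="groups"><saml:AttributeValue>staff'
        f'</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>')
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0" '
            f'IssueInstant="{t0}" Destination="{ACS}" InResponseTo="{request_id}"><saml:Issuer>{IDP}</saml:Issuer>'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>{assertion * copies}</samlp:Response>')

def sso_flow(minutes_after=1, audience=SP, copies=1):
    """End to end: SP builds the request, the IdP decodes it and answers, the SP validates at T0 + minutes_after."""
    request_id, url = build_authn_request(SP, ACS, SSO, now=T0)
    req = decode_authn_request(url)
    assert req.get("ID") == request_id and req.get("AssertionConsumerServiceURL") == ACS
    return validate_response(sample_response(request_id, audience, copies), sp_entity_id=SP, acs_url=ACS,
                             idp_entity_id=IDP, request_id=request_id, signature_verified=True,
                             now=T0 + dt.timedelta(minutes=minutes_after))

def sso_outcome(**kw):  # granted identity and attributes, or the reason the SP refused the Response
    try:
        return sso_flow(**kw)
    except ValueError as e:
        return f"rejected: {e}"
```

sso_outcome() returns the NameID and attributes the SP may act on; sso_outcome(copies=2) shows the SP refusing a Response that carries a second Assertion, sso_outcome(minutes_after=10) one whose validity window has passed, and sso_outcome(audience="https://other.example.com") one issued for a different SP. A commercial SP implementation performs these checks for you, but the list is what to look for when reviewing any SAML integration.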
F5's BIG-IP Access Policy Manager (APM) supports SAML 2.0 Single Sign-On (SSO). It can act as an IdP that authenticates users and issues assertions, or as an SP that consumes assertions to control access to the applications behind it.