SAML (Security Assertion Markup Language)

It’s been a while since I’ve posted something with my techie hat on, so I decided to share a couple of diagrams I made a while back to explain how SAML works.

[Diagram: SAML, Single Sign On]

I am not going to do a whole lecture on what SAML is in this post, but here is a brief explanation for those who may not know what it is and are wondering. 🙂

What is SAML (Security Assertion Markup Language)?

  • It’s an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
  • Wikipedia: SAML

Let’s break it down a bit!

  • XML (Extensible Markup Language) standard

    • Extensible
      • In Information Technology, we say something is “extensible” if it’s designed so that users or developers can expand its capabilities.
      • Unlike HTML, XML doesn’t use predefined tags. You can define your own tags and use them.
    • Markup
    • Language
      • It’s like HTML, but not the same.
        • HTML was designed to display data with focus on how data looks.
        • XML was designed to store and carry data with focus on what the data is.
  • Authentication
    • Verifying that somebody really is who they claim to be using their credentials.
    • Who are you? Please provide your username and password, so I can verify who you are.
  • Authorization
    • Checking permissions (what you are allowed to do).
    • For example, in WordPress sites, what you are allowed to do is determined by the user role that is associated with your account.
  • Identity Provider
    • In my diagram, it is the EmpowerID platform.
    • EmpowerID is an identity management system.
    • Identity management refers to the task of controlling information about users, which includes each user’s username and password.
  • Service Provider
    • In my diagram, it is a WordPress site.
    • WordPress is an online content management system.
    • Content management refers to the task of managing the content of a website.

So, what am I trying to do here?

  • I want users to be able to log into my WordPress site to manage content by proving who they are to EmpowerID. In other words, when users try to log into my WordPress site, I am asking the WordPress site to direct users to EmpowerID to verify they are really who they claim to be.
  • Using more technical terms, “I am going to configure SAML to allow an online service provider (WordPress) to contact a separate online identity provider (EmpowerID) to authenticate users.”
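
The redirect described above, shown with Python's standard library as an added example that is not from the original post nor from EmpowerID or any WordPress plugin: the service provider packs an AuthnRequest into an HTTP-Redirect binding URL and the identity provider unpacks it. The endpoint URLs, entity ID and function names are assumptions made for illustration.

```python
import base64
import datetime
import uuid
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder endpoints, not real EmpowerID or WordPress URLs.
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ENTITY_ID = "https://wp.example.com/saml/metadata"
SP_ACS_URL = "https://wp.example.com/saml/acs"


def build_redirect_url(relay_state):
    """Service provider side: wrap an AuthnRequest in an HTTP-Redirect URL."""
    request_id = "_" + uuid.uuid4().hex  # SP keeps this to match the later response
    issued = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": issued,
        "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": SP_ACS_URL,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    # Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode.
    deflater = zlib.compressobj(wbits=-15)
    packed = deflater.compress(ET.tostring(root)) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode(),
                       "RelayState": relay_state})
    return request_id, f"{IDP_SSO_URL}?{query}"


def read_redirect_url(url):
    """Identity provider side: recover who is asking and where to send the answer."""
    params = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(xml)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state": params["RelayState"][0],
    }


if __name__ == "__main__":
    rid, url = build_redirect_url("/wp-admin/")
    print(url)
    print(read_redirect_url(url))
```

An identity provider should compare the decoded issuer and ACS URL against the service provider it has registered before sending any assertion back, and should parse the incoming XML with a hardened parser.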

[Diagram: saml_identitymanagement_diagrams-2]

Hope this is somewhat useful for those who may be looking for some information on SAML/Single-Sign-On/WordPress/EmpowerID.

Please leave me a message if you have any questions!
