SAML stands for Security Assertion Markup Language, an open standard first launched in 2001. It is a secure, XML-based mechanism for communicating identity information between organizations. Its primary use case, and the reason it matters, is internet single sign-on: SAML is the standard for federated Single Sign-On (SSO) between identity providers and service providers. In federated SSO, users authenticate at the identity provider, which then asserts identity information that service providers consume.
SAML 2.0, launched in 2005, is supported by AWS for identity federation. It lets users sign in to the AWS Management Console or call AWS API operations without an IAM user having to be created for each person in your company. Because you can rely on the IdP service instead of writing bespoke identity-proxy code, SAML simplifies configuring federation with AWS. It can be used for both authentication and authorization.
Why SAML 2.0?
SAML is important because:
- SAML improves security by removing the need for extra credentials, which reduces the risk of identity theft. It also reduces how often a user must log in through a username-and-password form on the internet, which reduces exposure to phishing.
- SAML also improves application access by removing obstacles to use: users do not have to enter a password; they simply click a link in the app.
- SAML also saves time and money by removing the need for duplicate credentials and reducing help-desk visits to reset forgotten passwords.
How does SAML work?
The SAML protocol has three entities:
User-Agent: the user's web browser.
Service Provider: the application the user is trying to access.
Identity Provider (IdP): the system that authenticates the user and issues SAML assertions.
When you configure SAML federation, you create a trust relationship between the service provider and the identity provider. To access a service provider, a user must first authenticate with the IdP. If the user authenticates successfully and is authorized, the IdP creates a SAML assertion (a set of claims about the user). The assertion is sent to the application, and because the application trusts the IdP, the user is granted access. Having been authenticated once by the IdP, the user can then use single sign-on to access additional applications.
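To make the trust relationship above concrete, here is an added example (not from the original post, nor AWS's or any IdP's code) of the checks a service provider performs on a received assertion before granting access: the issuer is the trusted IdP, the validity window contains the current time, and the assertion is addressed to this SP. The assertion XML, IdP URL and AWS account number are constructed sample values; the example assumes the XML signature has already been verified by an XML-DSig library.

```python
import xml.etree.ElementTree as ET  # for untrusted input, use defusedxml.ElementTree instead
from datetime import datetime, timezone
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
AWS_ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"  # attribute AWS maps to an IAM role

# Constructed sample assertion, not from a real IdP. It carries no XML signature: a real SP
# verifies the signature with an XML-DSig library first, or none of the checks below matter.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_example1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>urn:amazon:webservices</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{AWS_ROLE_ATTR}">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/ExampleIdP</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):  # SAML timestamps are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, trusted_issuer, expected_audience, now):
    """SP-side checks; returns (subject, aws_role_values) or raises ValueError. `now` is a Z timestamp string."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion" or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != trusted_issuer:  # only the IdP configured in the trust relationship may assert
        raise ValueError(f"untrusted issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and _ts(nb) <= _ts(now) < _ts(na)):  # both bounds required; NotOnOrAfter is exclusive
        raise ValueError("assertion missing or outside its validity window")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:  # an assertion minted for another SP must not be accepted here
        raise ValueError("assertion not addressed to this service provider")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    roles = [v.text.strip() for v in root.findall(
        f"saml:AttributeStatement/saml:Attribute[@Name='{AWS_ROLE_ATTR}']/saml:AttributeValue", NS)]
    return subject, roles

def rejection_reason(*args):
    """None when accepted, else the reason an SP would log for the failed login."""
    try:
        validate_assertion(*args)
    except ValueError as exc:
        return str(exc)
```

Each rejection carries a distinct reason so that SP logs can distinguish a clock-skew problem from an assertion that was issued by the wrong IdP or for a different service provider.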
AWS with InfosecTrain
To get a better understanding of SAML, you can join InfosecTrain for AWS training. InfosecTrain is a premier training provider for IT professionals who want to develop their careers. Our instructors are exceptionally knowledgeable in a variety of subjects. We're a world-class training firm with a worldwide reputation for training quality. To gain a deeper knowledge of SAML, enroll in one of InfosecTrain's AWS certification training courses.