Skip to main content

SAML architecture

SAML architecture

SAML is the most complete, secure and mature solution to get identity federation. SAML defines three main kind of servers:

  • Federation metadata server. Publishes information about the federation members, its protocols and capabilities. Any federation member will only trust on other federation members.
  • Identity providers are able to identify the user and publish its information to any application that requires it.
  • Service providers are standard application servers that relays on identity providers to let users log in.

For now, we will focus on the single log-in and single log-out use cases, but be in mind that SAML defines much more use cases.

Use Cases

Single Log-in

The single log-in is usually initiated by the application server. The typical UML use case is as follows:

 

 

 

Single Log-out

 

 

&&TODO&&

OpenID-Connect 

OpenID-Connect is based on most modern protols. It uses JSON tokens, signed and optionally encripted using JWT standard, and uses simple REST as its transport protocol.

Sometimes referred as OpenID, must not be confused with an older and deprecated standard named OpenID.

OpenID architecture

 

Use Cases

Single Log-in

&&TODO&&

&&TODO&&

 

https://en.wikipedia.org/wiki/Federated_identity

Back to top