SlideShare a Scribd company logo

Introduction to SAML 2.0

Mika Koivisto, profile picture
Mika Koivisto

This document provides an introduction to Security Assertion Markup Language (SAML) 2.0, including: - SAML is an XML-based standard for exchanging authentication and authorization data between parties like an identity provider and service provider. - It defines roles like identity providers, service providers, and users. - SAML supports single sign-on, attribute sharing, identity federation, and other use cases through protocols, bindings, and profiles. - Liferay supports acting as an identity provider or service provider using SAML through an enterprise edition plugin, allowing configuration as an IdP or SP through properties and metadata files. - The presentation demonstrates SAML single sign-on flows and configurations using examples

Technology
Related topics:
Identity Management
1 of 24
1
2
3
Most read
4
Most read
5
6
7
8
9
10
11
12
13
14
15
16
17
Most read
18
19
20
21
22
23
24
Introduction to SAML 2.0 Mika Koivisto Senior Software Engineer
Agenda Introduction SAML Concepts Liferay and SAML 2.0 Demo
What is SAML? Security Assertion Markup Language XML based protocol OASIS approved standard SAML 1.0 November 2002 SAML 1.1 September 2003 SAML 2.0 March 2005 Flexible and extensible protocol designed to be used by other standards
SAML Roles Identity Provider (IdP) / Asserting party Service Provider (SP) / Relying party User
Advantages of SAML Platform neutral Loose coupling of directories Improved online experience for end users Supported by many SaaS applications Increased security Strong commercial and open source support
Use cases Web Single Sign-On Attribute based authorization Identity Federation WS-Security
SAML Concepts
Protocols Authentication Request Protocol Assertion Query and Request Protocol Artifact Resolution Protocol Name Identifier Management Protocol Name Identifier Mapping Protocol Single Logout Protocol
Bindings HTTP Redirect Binding HTTP Post Binding HTTP Artifact Binding SAML SOAP Binding Reverse SOAP (PAOS) Binding SAML URI Binding
Profiles Web Browser SSO Profile Enhanced Client and Proxy (ECP) Profile Identity Provider Discovery Profile Single Logout Profile Assertion Query/Request Profile Artifact Resolution Profile Name Identifier Management Profile Name Identifier Mapping Profile
Liferay and SAML 2.0 Available as a EE plugin Supports two operation modes Identity Provider Service Provider Built on top of OpenSAML Uses Java keystore for credentials Configured using SAML metadata and portal(- ext).properties
Features IdP initiated Web SSO SP initiated Web SSO SP initiated Single Logout IdP initiated Single Logout Consumes and Produces SAML Metadata Attribute statement generation (IdP) JIT provisioning using attribute statements (SP)
IdP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (AuthnRequest and Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
SP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
SP initiated Single Sign-On
IdP initiated Single Sign-On
SP Initiated Single Logout
IdP Initiated Single Logout
Configuration - IdP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=idp saml.entity.id=liferaysamlidpdemo saml.metadata.paths= ${liferay.home}/saml/salesforce.xml, http://beta.test.com:9080/c/portal/saml/metadata saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlidpdemo]=liferay
Configuration - SP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=sp saml.entity.id=liferaysamlspdemo saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata saml.sp.default.idp.entity.id=liferaysamlidpdemo saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlspdemo]=liferay
Extension points com.liferay.saml.resolver.AttributeResolver com.liferay.saml.resolver.NameIdResolver saml-spring.xml com.liferay.saml.profile.SingleLogoutProfile com.liferay.saml.profile.WebSsoProfile
Demo SalesForce.com Google Apps Liferay Service Provider
Resources http://saml.xml.org/saml-specifications Liferay SAML plugin config reference http://bit.ly/lrsamlplugin Difficulties of Single Logout https://wiki.shibboleth.net/confluence/display/SHIB2/ SLOIssues Seamless Single Sign-On with SAML (salesforce) http://www.youtube.com/watch?v=Gztz6h0LgA8
Thank You!

More Related Content

PPT
Presentation sso design_security
Marco Morana
 
PDF
Single sign on using SAML
Programming Talents
 
PDF
SAML Protocol Overview
Mike Schwartz
 
PDF
SAP Single Sign-On 2.0 Overview
SAP Technology
 
PPTX
SSO introduction
Aidy Tificate
 
PPTX
Introduction to Enterprise Service Bus
Mahmoud Ezzat
 
PPTX
Introduction to soa suite 12c in 20 slides
Vincenzo Capozzoli
 
PPTX
Identity Management
Venkatesh Jambulingam
 
Presentation sso design_security
Marco Morana
 
Single sign on using SAML
Programming Talents
 
SAML Protocol Overview
Mike Schwartz
 
SAP Single Sign-On 2.0 Overview
SAP Technology
 
SSO introduction
Aidy Tificate
 
Introduction to Enterprise Service Bus
Mahmoud Ezzat
 
Introduction to soa suite 12c in 20 slides
Vincenzo Capozzoli
 
Identity Management
Venkatesh Jambulingam
 

What's hot (20)

PPTX
IdP, SAML, OAuth
Dan Brinkmann
 
PDF
OpenID Connect Explained
Vladimir Dzhuvinov
 
PDF
Introduction to OpenID Connect
Nat Sakimura
 
PPTX
Identity and Access Management Introduction
Aidy Tificate
 
PPTX
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
PDF
API Security Best Practices & Guidelines
Prabath Siriwardena
 
PPTX
Api gateway in microservices
Kunal Hire
 
PDF
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
PPTX
An Introduction to OAuth2
Aaron Parecki
 
PPTX
Introduction to Microservices
MahmoudZidan41
 
PDF
Api presentation
Tiago Cardoso
 
PDF
OpenAPI 3.0, And What It Means for the Future of Swagger
SmartBear
 
PDF
APIC/DataPower security
Shiu-Fun Poon
 
PPTX
DataPower Restful API Security
Jagadish Vemugunta
 
PDF
Microsoft Azure Active Directory
David J Rosenthal
 
PPTX
Azure security and Compliance
Karina Matos
 
PPTX
API Security Fundamentals
José Haro Peralta
 
PDF
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway
 
ODP
OAuth2 - Introduction
Knoldus Inc.
 
PPTX
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
Rui Santos
 
IdP, SAML, OAuth
Dan Brinkmann
 
OpenID Connect Explained
Vladimir Dzhuvinov
 
Introduction to OpenID Connect
Nat Sakimura
 
Identity and Access Management Introduction
Aidy Tificate
 
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
API Security Best Practices & Guidelines
Prabath Siriwardena
 
Api gateway in microservices
Kunal Hire
 
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
An Introduction to OAuth2
Aaron Parecki
 
Introduction to Microservices
MahmoudZidan41
 
Api presentation
Tiago Cardoso
 
OpenAPI 3.0, And What It Means for the Future of Swagger
SmartBear
 
APIC/DataPower security
Shiu-Fun Poon
 
DataPower Restful API Security
Jagadish Vemugunta
 
Microsoft Azure Active Directory
David J Rosenthal
 
Azure security and Compliance
Karina Matos
 
API Security Fundamentals
José Haro Peralta
 
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway
 
OAuth2 - Introduction
Knoldus Inc.
 
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
Rui Santos
 
Ad

Similar to Introduction to SAML 2.0 (20)

PDF
Introducing SAML 2.0 Protocol: Security and Performance
Amin Saqi
 
PDF
SAML 101
Echoworx
 
PDF
SAML and Liferay
Mika Koivisto
 
PDF
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
Clément OUDOT
 
PDF
SAML
Léopold Gault
 
PDF
Attacking SSO (SAML) - Breaking into the front door of Authentication
Amit Kumar
 
PDF
How to break SAML if I have paws?
GreenD0g
 
PPTX
IBM Single Sign-On
Van Staub, MBA
 
PDF
Saml
Roger Xia
 
PPTX
Understanding SAML 2.0: Enhancing Secure Authentication
Narendra Kadali
 
PDF
SAML Executive Overview
PortalGuard
 
PDF
Design Pattern for Federated Single Sign-On Access
Mike Reams
 
PDF
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
Fwdays
 
PDF
Taking a Pragmatic Look at the Salesforce Security Model
Salesforce Developers
 
PDF
Interoperable Provisioning in a distributed world
Ramesh Nagappan
 
PDF
Wp saml v2_rs_3_24_2015
Elaine Sun
 
PDF
White Paper: Saml as an SSO Standard for Customer Identity Management
Gigya
 
PPTX
Enterprise single sign on
Archit Sharma
 
PDF
CIS 2015 Extreme SAML - Hans Zandbelt
CloudIDSummit
 
ODP
Sso every where
Paul Seiler
 
Introducing SAML 2.0 Protocol: Security and Performance
Amin Saqi
 
SAML 101
Echoworx
 
SAML and Liferay
Mika Koivisto
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
Clément OUDOT
 
SAML
Léopold Gault
 
Attacking SSO (SAML) - Breaking into the front door of Authentication
Amit Kumar
 
How to break SAML if I have paws?
GreenD0g
 
IBM Single Sign-On
Van Staub, MBA
 
Saml
Roger Xia
 
Understanding SAML 2.0: Enhancing Secure Authentication
Narendra Kadali
 
SAML Executive Overview
PortalGuard
 
Design Pattern for Federated Single Sign-On Access
Mike Reams
 
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
Fwdays
 
Taking a Pragmatic Look at the Salesforce Security Model
Salesforce Developers
 
Interoperable Provisioning in a distributed world
Ramesh Nagappan
 
Wp saml v2_rs_3_24_2015
Elaine Sun
 
White Paper: Saml as an SSO Standard for Customer Identity Management
Gigya
 
Enterprise single sign on
Archit Sharma
 
CIS 2015 Extreme SAML - Hans Zandbelt
CloudIDSummit
 
Sso every where
Paul Seiler
 
Ad

Recently uploaded (20)

PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Approach and Philosophy of On baking technology
30anthuong17
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
KodekX | Application Modernization Development
KodekX
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
MYSQL Presentation for SQL database connectivity
Swati270511
 

Introduction to SAML 2.0

  • 1. Introduction to SAML 2.0 Mika Koivisto Senior Software Engineer
  • 2. Agenda Introduction SAML Concepts Liferay and SAML 2.0 Demo
  • 3. What is SAML? Security Assertion Markup Language XML based protocol OASIS approved standard SAML 1.0 November 2002 SAML 1.1 September 2003 SAML 2.0 March 2005 Flexible and extensible protocol designed to be used by other standards
  • 4. SAML Roles Identity Provider (IdP) / Asserting party Service Provider (SP) / Relying party User
  • 5. Advantages of SAML Platform neutral Loose coupling of directories Improved online experience for end users Supported by many SaaS applications Increased security Strong commercial and open source support
  • 6. Use cases Web Single Sign-On Attribute based authorization Identity Federation WS-Security
  • 8. Protocols Authentication Request Protocol Assertion Query and Request Protocol Artifact Resolution Protocol Name Identifier Management Protocol Name Identifier Mapping Protocol Single Logout Protocol
  • 9. Bindings HTTP Redirect Binding HTTP Post Binding HTTP Artifact Binding SAML SOAP Binding Reverse SOAP (PAOS) Binding SAML URI Binding
  • 10. Profiles Web Browser SSO Profile Enhanced Client and Proxy (ECP) Profile Identity Provider Discovery Profile Single Logout Profile Assertion Query/Request Profile Artifact Resolution Profile Name Identifier Management Profile Name Identifier Mapping Profile
  • 11. Liferay and SAML 2.0 Available as a EE plugin Supports two operation modes Identity Provider Service Provider Built on top of OpenSAML Uses Java keystore for credentials Configured using SAML metadata and portal(- ext).properties
  • 12. Features IdP initiated Web SSO SP initiated Web SSO SP initiated Single Logout IdP initiated Single Logout Consumes and Produces SAML Metadata Attribute statement generation (IdP) JIT provisioning using attribute statements (SP)
  • 13. IdP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (AuthnRequest and Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
  • 14. SP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
  • 19. Configuration - IdP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=idp saml.entity.id=liferaysamlidpdemo saml.metadata.paths= ${liferay.home}/saml/salesforce.xml, http://beta.test.com:9080/c/portal/saml/metadata saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlidpdemo]=liferay
  • 20. Configuration - SP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=sp saml.entity.id=liferaysamlspdemo saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata saml.sp.default.idp.entity.id=liferaysamlidpdemo saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlspdemo]=liferay
  • 21. Extension points com.liferay.saml.resolver.AttributeResolver com.liferay.saml.resolver.NameIdResolver saml-spring.xml com.liferay.saml.profile.SingleLogoutProfile com.liferay.saml.profile.WebSsoProfile
  • 22. Demo SalesForce.com Google Apps Liferay Service Provider
  • 23. Resources http://saml.xml.org/saml-specifications Liferay SAML plugin config reference http://bit.ly/lrsamlplugin Difficulties of Single Logout https://wiki.shibboleth.net/confluence/display/SHIB2/ SLOIssues Seamless Single Sign-On with SAML (salesforce) http://www.youtube.com/watch?v=Gztz6h0LgA8