Authentication and Single Sign
Security Assertion Markup Language (SAML)
SAML is a protocol for encoding security related information (assertions) into XML and exchanging this information in a request/response fashion
SAML does not authenticate users – comparable to SAP Logon Ticket
SAML relies for message exchange on standard security protocols like SSL, TLS and uses XML signatures
SAML authorities produce “assertions” in response to client requests. An assertion can be either an authentication or an authorization assertion
• Authentication assertion: piece of data that represents an act of authentication performed on a subject (user) by the authority
• Authorization assertion: piece of data that represents authorization permissions for a subject (user) on a resource
SAML can be used for authentication and authorization requests and assertions
SAML is an emerging OASIS standard
© SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 26
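The two assertion kinds described on this slide, shown as XML and read by a relying party. This is an added example, not part of the original slides: the assertion is constructed sample data using SAML 1.1 element names, and the issuer, subject, resource and function names are hypothetical. It is unsigned, so the sketch covers only the parsing step and assumes XML signature verification happens before any field is trusted.

```python
import xml.etree.ElementTree as ET

# Constructed, unsigned SAML 1.1 assertion (sample data, not from the slides).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_example-id"
    Issuer="https://idp.example.test" IssueInstant="2005-01-01T12:00:00Z">
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2005-01-01T11:59:58Z">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AuthorizationDecisionStatement
      Resource="https://app.example.test/reports" Decision="Permit">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Action>Read</saml:Action>
  </saml:AuthorizationDecisionStatement>
</saml:Assertion>
"""

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

def subject_of(stmt):
    """Subject name the statement is about, or None if absent."""
    name = stmt.find("saml:Subject/saml:NameIdentifier", NS)
    return name.text.strip() if name is not None and name.text else None

def classify_statements(xml_text):
    """Return (issuer, statements); each statement is tagged with its kind."""
    if "<!DOCTYPE" in xml_text:  # assertions never need a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in an assertion")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 1.x assertion")
    out = []
    # Authentication assertion: records that the authority authenticated the subject.
    for stmt in root.findall("saml:AuthenticationStatement", NS):
        out.append({"kind": "authentication", "subject": subject_of(stmt),
                    "method": stmt.get("AuthenticationMethod"),
                    "instant": stmt.get("AuthenticationInstant")})
    # Authorization assertion: records a decision for the subject on a resource.
    for stmt in root.findall("saml:AuthorizationDecisionStatement", NS):
        out.append({"kind": "authorization", "subject": subject_of(stmt),
                    "resource": stmt.get("Resource"),
                    "decision": stmt.get("Decision"),
                    "actions": [a.text for a in stmt.findall("saml:Action", NS)]})
    return root.get("Issuer"), out

if __name__ == "__main__":
    issuer, statements = classify_statements(SAMPLE_ASSERTION)
    print(issuer, statements)
```

Note that the authentication statement only reports how and when the authority authenticated the user; the relying party never sees the password, which is the sense in which SAML itself does not authenticate users.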