
SAML web single sign-on

SAML uses assertions to provide vendor-neutral SSO interoperability when transferring information between federation business partners. A SAML assertion is an XML-formatted token used to transfer user identity and attribute information from an identity provider to a trusted service provider.

  1. A web user authenticates to a SAML identity provider such as IBM Security Identity Manager or ForgeRock Identity Gateway, which produces a SAML assertion.
  2. A WebSphere SAML service provider consumes the assertion and establishes a security context.

SAML 2.0 protocols are HTTP-redirect based. Binding options include...

SAML 2.0 Web Browser SSO Profile is defined to support web single sign-on. A web user either accesses a resource at a service provider, or accesses an identity provider such that the service provider and desired resource are understood or implicit. The web user authenticates to the identity provider, which then produces an authentication assertion, and the service provider consumes the assertion to establish a security context for the web user.


Subtopics

  1. SAML single sign-on scenarios
  2. Use the SAML web SSO feature
  3. Configure SSO partners with a WAS-based SAML service provider
  4. Enable SAML SP-Initiated web SSO
  5. SAML web SSO TAI custom properties
  6. Add SAML web SSO trust association interceptor (TAI)
  7. Establish security context for web services clients using SAML security tokens
  8. Delete SAML web SSO identity provider (IdP) partner
  9. Delete SAML web SSO trust association interceptor (TAI)
  10. Export SAML web service provider metadata
  11. Import SAML identity provider (IdP) partner metadata
  12. Display SAML identity provider (IdP) partner configuration
  13. Display SAML web SSO trust association interceptor (TAI) configuration
  14. Configure SAML Web Inbound TAI
  15. SAML Web Inbound TAI Custom Properties


See also

  1. Profiles :: OASIS SAML V2.0
  2. Bindings :: OASIS SAML V2.0
  3. Assertions and Protocols :: OASIS SAML V2.0