Secure Mobile Access 12.4 Administration Guide

Configuring a SAML-Based Authentication Server

Security Assertion Markup Language (SAML) is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML provides a foundation for Web-based single sign-on (Web SSO) by allowing business entities to make assertions regarding the identity, attributes, and entitlements of a subject (such as a human user) to other entities, such as a partner company or another enterprise application.

In Web SSO, a user either accesses a resource via a service provider (such as the SMA appliance), or accesses an identity provider (IDP) directly, in which case the service provider and the desired resource are understood or implicit. The user authenticates to the IDP, which then produces an authentication assertion; the service provider consumes the assertion to establish a security context for the user. Once the security context for the user exists, the user can access resources at another site without additional authentication. SAML also provides a Single Logout (SLO) service.

This release supports external IDPs that are deployed in the public Internet. It is assumed that the user uses a standard browser and can authenticate to the IDP by some means outside the scope of SAML. The user accesses the appliance through a SAML Authenticated Realm.