How does SAML work?

SAML is an XML-based framework for implementing SSO. Two parties take part: the Identity Provider (IdP), which authenticates the user, and the Service Provider (SP), the application the user wants to reach. The exchange between them is:

  1. Before any authentication can occur, a trust must be established between the IdP and the SP. This is done through a metadata file exchange; the metadata file is also XML. For example, the JHU SSO (IdP) metadata is here: https://idp.jh.edu/idp/shibboleth.

  2. The SP sends an authentication request (an AuthnRequest) to the IdP in XML format (visit https://www.samltool.com/generic_sso_req.php to see examples of what this XML looks like).

  3. The IdP authenticates the user and sends its Response back to the SP in XML format (visit https://www.samltool.com/generic_sso_res.php to see examples of what this XML looks like). The Response carries an assertion about the user that the IdP signs; the SP verifies that signature against the IdP certificate it learned from the metadata, and also checks that the assertion is addressed to it and is still within its validity window, before trusting any of its contents.

The metadata file contains the configuration data that defines how and on what URLs the SP and IdP communicate with each other: the entity ID of each party, the endpoints (the IdP's single sign-on URL, the SP's assertion consumer service URL), and the certificates used for signing and encryption. Both the SP and the IdP have their own metadata file, and each must be shared with the other component.
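The three steps above from the SP's side, as an added example in Python (this is not code from the original page; the entity IDs, endpoint URLs and the sample Response are constructed for illustration, and the XML signature check is left out because the standard library has no XML-DSig support). It builds the AuthnRequest the SP sends, then performs the non-signature checks an SP must apply to the IdP's Response before accepting the subject:

```python
"""Minimal SP-side SAML 2.0 flow: build an AuthnRequest, then check an IdP Response.

Added example. Entity IDs, URLs and the sample Response are constructed, not taken
from any real deployment.
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values an SP would normally read from the two metadata files (assumed here).
SP_ENTITY_ID = "https://sp.example.org/shibboleth"
SP_ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
IDP_SSO_URL = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"


def build_authn_request(request_id: str, issue_instant: dt.datetime) -> str:
    """Return the AuthnRequest XML the SP sends to the IdP (step 2)."""
    ET.register_namespace("samlp", NS["samlp"])
    ET.register_namespace("saml", NS["saml"])
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(req, encoding="unicode")


def _parse_ts(value):
    if not value:
        raise ValueError("missing timestamp")
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def validate_response(xml_text: str, expected_request_id: str, now: dt.datetime) -> dict:
    """Apply the checks an SP must make on a Response (step 3); return the subject.

    Raises ValueError naming the first failed check. Signature verification is
    deliberately not shown: a real SP verifies the XML signature against the IdP
    certificate from metadata BEFORE any of the checks below, and treats an
    unsigned or badly signed Response as invalid.
    """
    # Untrusted input: production code should parse with a hardened parser
    # (e.g. defusedxml) rather than the plain stdlib parser used here.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    if root.get("Destination") != SP_ACS_URL:
        raise ValueError("Destination does not match our ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("unexpected Issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if not (_parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not addressed to this SP")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    attrs = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return {"name_id": name_id, "attributes": attrs}


# Constructed sample Response, shaped like what an IdP would POST to the ACS URL.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T12:00:05Z"
    Destination="{SP_ACS_URL}" InResponseTo="_req1">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:05Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.edu</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def demo() -> dict:
    """Run the happy path plus three rejected variants; return the outcomes."""
    now = dt.datetime(2024, 5, 1, 12, 0, 30)
    out = {"authn_request": build_authn_request("_req1", now)}
    out["subject"] = validate_response(SAMPLE_RESPONSE, "_req1", now)
    wrong_aud = SAMPLE_RESPONSE.replace(
        f"<saml:Audience>{SP_ENTITY_ID}</saml:Audience>",
        "<saml:Audience>https://other-sp.example.org/shibboleth</saml:Audience>")
    for label, xml, rid, at in (
        ("replay", SAMPLE_RESPONSE, "_req2", now),          # not one of our requests
        ("expired", SAMPLE_RESPONSE, "_req1", dt.datetime(2024, 5, 1, 12, 6, 0)),
        ("wrong_audience", wrong_aud, "_req1", now),
    ):
        try:
            validate_response(xml, rid, at)
            out[label] = "accepted"
        except ValueError as exc:
            out[label] = str(exc)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The checks on InResponseTo, Destination, Audience and the Conditions window are what keep a Response meant for one SP, or captured earlier, from being accepted by another SP or at a later time; a library that handles SAML for you performs the same checks together with the signature verification this example omits.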

Creating these XML files with all the required information, formatted correctly according to the SAML standard, is a tedious task. As a developer you would normally use a library for SAML-based SSO that abstracts most of this work away, including the signature verification and the checks on the Response, which are the parts you least want to write yourself.

SAML v2.0 OASIS Standard set (PDF format) and schema files are available at https://www.oasis-open.org/standards#samlv2.0.