SAML is Simple to Setup, Works With Most Applications
Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their session in another context. This has significant advantages over logging in using a username/password: no need to type in credentials, no need to remember and renew password, no weak passwords etc.
Most companies already know the identity of users because they are logged into their Active Directory domain or intranet. It is natural to use this information to log users into other applications as well such as web-based application, and one of the more elegant ways of doing this by using SAML.
SAML is very powerful and flexible, but the specification can be quite a handful. Now OneLogin is releasing this SAML toolkit for Java applications to enable you to integrate SAML in hours instead of months. We’ve filtered the signal from the noise and come up with a simple setup that will work for most applications out there.
SAML single sign-on works by transferring the user's identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents. Consider the following scenario: A user is logged into a system, which acts as an identity provider. The user would like to log in to a remote application such as a support application or accounting application (i.e. the service provider). The following happens:
The diagram below illustrates the single sign-on flow for Service Provider-initiated SSO, i.e. when an application triggers SSO.
Identity provider-initiated SSO is very similar as it consists only of the last two steps.
OneLogin SAML toolkits work with AD-FS. In order to ensure they work properly, make sure you select SHA1 instead of SHA256 as the hashing algorithm in AD-FS.
Test your SAML code to optimize your implementation.Start Testing Now