Identity provider (SAML)
A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on profile of the Security Assertion Markup Language.
In the SAML domain model, a SAML authority is any system entity that issues SAML assertions. Two important examples of SAML authorities are the authentication authority and the attribute authority.
Definition
A SAML authentication authority is a system entity that produces SAML authentication assertions. Likewise a SAML attribute authority is a system entity that produces SAML attribute assertions.
A SAML authentication authority that participates in one or more SSO Profiles of SAML is called a SAML identity provider. For example, an authentication authority that participates in SAML Web Browser SSO is an identity provider that performs the following essential tasks:
- receives a SAML authentication request from a relying party via a web browser
- authenticates the browser user principal
- responds to the relying party with a SAML authentication assertion for the principal
A given SAML identity provider is described by an element defined by the SAML metadata schema. Likewise, a SAML service provider is described by an metadata element.
In addition to an authentication assertion, a SAML identity provider may also include an attribute assertion in the response. In that case, the identity provider functions as both an authentication authority and an attribute authority.