What is SAML , How does SAML Works , request and Response , Enterprise and Web SSO, Advantages and Disadvantages of SSO, What is SSO, Single Sign On, Security Assertion Mark-up language.

1. Single Sign-on
SSO using SAML

2. Contents
● Introduction
● Advantages and disadvantages of SSO
● Types of SSO
● Different implementation protocols
● SAML
○ How does it work
○ SAML composed of
○ SAML example syntax of Request and Response
● References

3. Introduction
+ What is SSO
+ Why SSO
+ How Does it work

4. What is SSO
● SSO is defined as a solution that allow users to log
in using a single page and afterwards to have access
to multiple services.
● A simple version of single sign-on can be achieved
over IP networks using cookies but only if the sites
share a common DNS parent domain

5. SP
UserAgent
Client
IdP AS
Authentication without SSO Authentication with SSO

6. SSO has following STEPS

7. 1. The Client tries to access a service. If the client has already token to
access this service, then the token is added to request . Afterwards, go to
step 10
2. The Service calls the IdP to handle the authentication.
3. The IdP asks the client for login credentials.
4. The client asks the user to give the login credentials.
5. The User hands over the login credentials.
6. The Client sends these credentials to the IdP that validates the
credentials.
Steps

8. 7. If the credentials are correct an ID token is send to the AS; otherwise it
returns to step 3.
8. The AS Collects the rights that are assigned to the user and creates an
access token and ID token are sent to the client.
9. The Client tries to access a service using the access token.
10. The Service grants access to the service
Steps continuing

9. Advantages and Disadvantages
Of SSO

10. Advantages of SSO
● Improves customer satisfaction
● Boosts productivity
● Improves compliance and security capabilities
● Facilitates B2B collaboration
● Stronger and/or automatic password changes
● Faster access to systems

11. Disadvantages of SSO
Single point of failure
Single high-value target (attracts more attackers)
Necessary information disclosure between trusting site
and SSO authority
Lack of control over your user list

12. Types of SSO
There are two type of SSO
1. Enterprise SSO
2. Web SSO

13. Enterprise SSO
It is designed to provide Single
Sign-On to almost all the
application a user needs,including
windows executables, java
application , terminal-emulator
applications and in some case web
applications
Web SSO
This focused on web-based
applications, an Authorisation
server is used to determine who
can have access to which service.

14. Different Implementation Protocols
• OAuth2
• OpenID Connect
• SAML
• LDAP
• CAS
• CoSign
• OZ

15. SAML
What is SAML?
The Security assertion mark-up language (SAML) is an XML
message format that defines a protocol specification to use
when two servers need to share authentication information.
The protocol uses the web infrastructure where XML data
moves over HTTP protocols on TCP/IP networks

16. How does SAML work
Create
Assertion
SAML request
SAML response

17. SAML composed of
• Assertions
• Request/response protocols
• Bindings (the SOAP-over-HTTP method of transporting SAML
requests and responses)
• Profiles (for embedding and extracting SAML assertions in a
framework or protocol)

18. Request from the Service provider
Here, a sample SAML-compliant request is sent from a service provider requesting password authentication by the
identity provider.
<samlp: Request ...>
<samlp: AttributeQuery>
<saml: Subject>
<saml: NameIdentifier SecurityDomain="sun. com" Name="rimap"/>
</ saml: Subject>
<saml: AttributeDesignator AttributeName="Employee_ ID" AttributeNamespace="sun. com">
</ saml: AttributeDesignator>
</ samlp: AttributeQuery>
</ samlp: Request>

19. Response from the Identity provider
In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T).
<samlp: Response MajorVersion="1" MinorVersion="0" RequestID="128.14.234.20.90123456"
InResponseTo="123.45.678.90.12345678" StatusCode="/features/2002/05/Success">
<saml: Assertion MajorVersion="1" MinorVersion="0" AssertionID="123.45.678.90.12345678" Issuer="Sun
Microsystems, Inc." IssueInstant="2002- 01- 14T10: 00: 23Z">
<saml: Conditions NotBefore="2002- 01- 14T10: 00: 30Z" NotAfter="2002- 01- 14T10: 15: 00Z" />
<saml: AuthenticationStatement AuthenticationMethod="Password"AuthenticationInstant="2001- 01- 14T10:
00: 20Z">
<saml: Subject>
<saml: NameIdentifier SecurityDomain="sun. com" Name="rimap" />
</ saml: Subject>
</ saml: AuthenticationStatement>
</ saml: Assertion>
</ samlp: Response>

20. References
• Secure Single Sign-On
www.ru.nl/publish/pages/.../z_researchpaper_sso_final_nick_heijmink_s4250559.pdf
• Single sign-on - Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/Single_sign-on
• Demo Free Trials-Single Sign-On Solutions
https://www.onelogin.com/product/sso
• Benefits of SSO
http://www.jscape.com/blog/bid/104856/5-Big-Business-Benefits-of-Using-SSO-
Single-Sign-On
• [PDF]Security Assertion Markup Language (SAML)
https://www.cs.ucsb.edu/~bultan/courses/595- W06/SAML.pdf

21. Thanks!