Friday, December 21, 2012




SAML 2.0 protocols
===============
Authentication Request Protocol
Assertion Query and Request Protocol
Artifact Resolution Protocol
Name Identifier Management Protocol
Name Identifier Mapping Protocol
Single Logout Protocol

The most important of these protocols are:
Authentication Request Protocol
Artifact Resolution Protocol


The protocol is encoded in an XML schema as a set of request-response pairs. The protocols defined are:

Assertion Query and Request Protocol: Defines a set of queries by which existing SAML
assertions may be obtained. The query can be on the basis of a reference, subject or the
statement type.

Authentication Request Protocol: Defines an <AuthnRequest> message that causes a <Response>
to be returned containing one or more assertions pertaining to a Principal.
Typically the <AuthnRequest> is issued by a Service Provider with the Identity Provider
returning the <Response> message. Used to support the Web Browser SSO Profile.

Artifact Protocol: Provides a mechanism to obtain a previously created assertion by providing a reference. In SAML terms the reference is called an “artifact”. Thus a SAML protocol message can refer to an assertion by an artifact, and when a Service Provider obtains the artifact it can use the Artifact Protocol to obtain the actual assertion.
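
The Service Provider's side of the artifact exchange described above, as an added Python example (not code from the original post). It goes beyond the post by assuming the type 0x0004 artifact layout from the SAML 2.0 bindings specification (2-byte type code, 2-byte endpoint index, 20-byte SHA-1 SourceID of the issuer's entityID, 20-byte message handle); the entity IDs, the sample artifact and the function names are constructed for illustration.

```python
import base64
import hashlib
import secrets
import struct
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
IDP = "https://idp.example.org/saml"  # constructed entity IDs
SP = "https://sp.example.com/saml"

def parse_artifact(b64_artifact, trusted_idps):
    """Decode a type 0x0004 artifact and map its SourceID to a trusted IdP."""
    raw = base64.b64decode(b64_artifact, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must decode to 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError("unsupported artifact type code")
    source_id, handle = raw[4:24], raw[24:]
    # SourceID is SHA-1(entityID); resolve only at an IdP we already trust.
    known = {hashlib.sha1(e.encode()).digest(): e for e in trusted_idps}
    if source_id not in known:
        raise ValueError("SourceID does not match any trusted IdP")
    return {"idp": known[source_id], "endpoint_index": endpoint_index,
            "handle": handle}

def build_artifact_resolve(b64_artifact, sp_entity_id):
    """Return (request ID, XML) for the back-channel ArtifactResolve request."""
    request_id = "_" + secrets.token_hex(16)
    req = ET.Element(f"{{{SAMLP}}}ArtifactResolve", {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    ET.SubElement(req, f"{{{SAMLP}}}Artifact").text = b64_artifact
    # Keep request_id: the ArtifactResponse must echo it in InResponseTo.
    return request_id, ET.tostring(req, encoding="unicode")

def make_sample_artifact(entity_id, handle=bytes(range(20))):
    """Constructed artifact standing in for the SAMLart value an IdP issues."""
    source_id = hashlib.sha1(entity_id.encode()).digest()
    return base64.b64encode(struct.pack(">HH", 4, 0) + source_id + handle).decode()

if __name__ == "__main__":
    artifact = make_sample_artifact(IDP)
    print(parse_artifact(artifact, [IDP]))
    print(build_artifact_resolve(artifact, SP)[1])
```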

Name Identifier Management Protocol: Provides mechanisms to change the value or format
of the name of a Principal. The issuer of the request can be either the Service Provider or the
Identity Provider. The protocol also provides a mechanism to terminate an association of a
name between an Identity Provider and Service Provider.

Single Logout Protocol: Defines a request that allows near-simultaneous logout of all
sessions associated with a Principal. The logout can be directly initiated by the Principal or due
to a session timeout.

Name Identifier Mapping Protocol: Provides a mechanism to enable “account linking”.
Refer to the subsequent sections on Federation.

Source : saml



