Security Assertion Markup Language - Wikipedia
<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Security Assertion Markup Language - Wikipedia</title> <link rel="canonical" href="https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> </head> <body> <main id="content" class="mw-body"> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Security Assertion Markup Language</span></h1>
</label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Security_Assertion_Markup_Language"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header 
vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Security_Assertion_Markup_Language"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Security_Assertion_Markup_Language" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a 
href="/wiki/Special:RecentChangesLinked/Security_Assertion_Markup_Language" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&oldid=1255975585" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Security_Assertion_Markup_Language&id=1255975585&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSecurity_Assertion_Markup_Language"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSecurity_Assertion_Markup_Language"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a 
href="/w/index.php?title=Special:DownloadAsPdf&page=Security_Assertion_Markup_Language&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Security_Assertion_Markup_Language&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q1758048" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to 
sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Technical standard for authentication and authorization</div> <p><b>Security Assertion Markup Language</b> (<b>SAML</b>, pronounced <i>SAM-el</i>, <span class="rt-commentedText nowrap"><span class="IPA nopopups noexcerpt" lang="en-fonipa"><a href="/wiki/Help:IPA/English" title="Help:IPA/English">/<span style="border-bottom:1px dotted"><span title="/ˈ/: primary stress follows">ˈ</span><span title="'s' in 'sigh'">s</span><span title="/æ/: 'a' in 'bad'">æ</span><span title="'m' in 'my'">m</span><span title="/əl/: 'le' in 'bottle'">əl</span></span>/</a></span></span>)<sup id="cite_ref-ISnTY_1-0" class="reference"><a href="#cite_note-ISnTY-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> is an <a href="/wiki/Open_standard" title="Open standard">open standard</a> for exchanging <a href="/wiki/Authentication" title="Authentication">authentication</a> and <a href="/wiki/Authorization" title="Authorization">authorization</a> data between parties, in particular, between an <a href="/wiki/Identity_provider_(SAML)" title="Identity provider (SAML)">identity provider</a> and a <a href="/wiki/Service_provider_(SAML)" title="Service provider (SAML)">service provider</a>. 
SAML is an <a href="/wiki/XML" title="XML">XML</a>-based <a href="/wiki/Markup_language" title="Markup language">markup language</a> for security assertions (statements that service providers use to make access-control decisions). SAML is also: </p> <ul><li>A set of XML-based protocol messages</li> <li>A set of protocol message bindings</li> <li>A set of profiles (utilizing all of the above)</li></ul> <p>An important use case that SAML addresses is <a href="/wiki/Web_browser" title="Web browser">web-browser</a> <a href="/wiki/Single_sign-on" title="Single sign-on">single sign-on</a> (SSO). Single sign-on is relatively easy to accomplish within a <a href="/wiki/Security_domain" title="Security domain">security domain</a> (using <a href="/wiki/HTTP_cookie" title="HTTP cookie">cookies</a>, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability.<sup id="cite_ref-SAMLProf20_2-0" class="reference"><a href="#cite_note-SAMLProf20-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Overview">Overview</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=1" title="Edit section: Overview"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The SAML specification defines three roles: the principal (typically a human user), the <a href="/wiki/Identity_provider_(SAML)" title="Identity provider (SAML)">identity provider</a> (IdP) and the <a href="/wiki/Service_provider_(SAML)" title="Service provider (SAML)">service provider</a> (SP). In the primary use case addressed by SAML, the principal requests a service from the service provider. 
The service provider requests and obtains an authentication assertion from the identity provider. On the basis of this assertion, the service provider can make an <a href="/wiki/Access_control" title="Access control">access control</a> decision, that is, it can decide whether to perform the service for the connected principal. </p><p>At the heart of the SAML assertion is a subject (a principal within the context of a particular security domain) about which something is being asserted. The subject is usually (but not necessarily) a human. As in the SAML 2.0 Technical Overview,<sup id="cite_ref-SAMLTechOverview20_3-0" class="reference"><a href="#cite_note-SAMLTechOverview20-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> the terms subject and principal are used interchangeably in this document. </p><p>Before delivering the subject-based assertion from IdP to the SP, the IdP may request some information from the principal—such as a user name and password—in order to authenticate the principal. SAML specifies the content of the assertion that is passed from the IdP to the SP. In SAML, one identity provider may provide SAML assertions to many service providers. Similarly, one SP may rely on and trust assertions from many independent IdPs.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (September 2023)">citation needed</span></a></i>]</sup> </p><p>SAML does not specify the method of authentication at the identity provider. The IdP may use a username and password, or some other form of authentication, including <a href="/wiki/Multi-factor_authentication" title="Multi-factor authentication">multi-factor authentication</a>. 
A directory service such as <a href="/wiki/RADIUS" title="RADIUS">RADIUS</a>, <a href="/wiki/Lightweight_Directory_Access_Protocol" title="Lightweight Directory Access Protocol">LDAP</a>, or <a href="/wiki/Active_Directory" title="Active Directory">Active Directory</a> that allows users to log in with a user name and password is a typical source of authentication tokens at an identity provider.<sup id="cite_ref-92xv0_4-0" class="reference"><a href="#cite_note-92xv0-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> The popular Internet social networking services also provide identity services that in theory could be used to support SAML exchanges. </p> <div class="mw-heading mw-heading2"><h2 id="History">History</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=2" title="Edit section: History"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size mw-halign-right" typeof="mw:File/Thumb"><a href="/wiki/File:History_of_SAML.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/f/f2/History_of_SAML.svg/220px-History_of_SAML.svg.png" decoding="async" width="220" height="165" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/f/f2/History_of_SAML.svg/330px-History_of_SAML.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/f/f2/History_of_SAML.svg/440px-History_of_SAML.svg.png 2x" data-file-width="512" data-file-height="384" /></a><figcaption>History of SAML (2002–2005)</figcaption></figure> <p>The <a href="/wiki/OASIS_(organization)" title="OASIS (organization)">Organization for the Advancement of Structured Information Standards (OASIS)</a> Security Services Technical Committee (SSTC), which met for the first time in January 2001, was chartered "to define an XML framework for exchanging 
authentication and authorization information."<sup id="cite_ref-QmSYw_5-0" class="reference"><a href="#cite_note-QmSYw-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> To this end, the following intellectual property was contributed to the SSTC during the first two months of that year: </p> <ul><li><i>Security Services Markup Language</i> (S2ML) from Netegrity</li> <li><i>AuthXML</i> from Securant</li> <li><i>XML Trust Assertion Service Specification</i> (X-TASS) from VeriSign</li> <li><i>Information Technology Markup Language</i> (ITML) from Jamcracker</li></ul> <p>Building on these initial contributions, in November 2002 OASIS announced the Security Assertion Markup Language (SAML) 1.0 specification as an OASIS Standard.<sup id="cite_ref-hVZwx_6-0" class="reference"><a href="#cite_note-hVZwx-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p><p>Meanwhile, the <a href="/wiki/Liberty_Alliance" title="Liberty Alliance">Liberty Alliance</a>, a large consortium of companies, non-profit and government organizations, proposed an extension to the SAML standard called the Liberty Identity Federation Framework (ID-FF).<sup id="cite_ref-D9bCd_7-0" class="reference"><a href="#cite_note-D9bCd-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> Like its SAML predecessor, Liberty ID-FF proposed a standardized, cross-domain, web-based, single sign-on framework. In addition, Liberty described a <i>circle of trust</i> where each participating domain is trusted to accurately document the processes used to identify a user, the type of authentication system used, and any policies associated with the resulting authentication credentials. 
Other members of the circle of trust could then examine these policies to determine whether to trust such information.<sup id="cite_ref-OiGthD_8-0" class="reference"><a href="#cite_note-OiGthD-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> </p><p>While Liberty was developing ID-FF, the SSTC began work on a minor upgrade to the SAML standard. The resulting SAML 1.1 specification was ratified by the SSTC in September 2003. Then, in November of that same year, <a rel="nofollow" class="external text" href="https://lists.oasis-open.org/archives/security-services/200311/msg00060.html">Liberty contributed ID-FF 1.2 to OASIS</a>, thereby sowing the seeds for the next major version of SAML. In March 2005, SAML 2.0 was announced as an OASIS Standard. SAML 2.0 represents the convergence of Liberty ID-FF and proprietary extensions contributed by the <a href="/wiki/Shibboleth_(Shibboleth_Consortium)" class="mw-redirect" title="Shibboleth (Shibboleth Consortium)">Shibboleth</a> project, as well as early versions of SAML itself. Most SAML implementations support v2.0 while many still support v1.1 for backward compatibility. By January 2008, deployments of SAML 2.0 became common in government, higher education, and commercial enterprises worldwide.<sup id="cite_ref-OiGthD_8-1" class="reference"><a href="#cite_note-OiGthD-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Versions">Versions</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=3" title="Edit section: Versions"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>SAML has undergone one minor and one major revision since 1.0. 
</p> <ul><li>SAML 1.0 was adopted as an OASIS Standard in November 2002</li> <li><a href="/wiki/SAML_1.1" title="SAML 1.1">SAML 1.1</a> was ratified as an OASIS Standard in September 2003</li> <li><a href="/wiki/SAML_2.0" title="SAML 2.0">SAML 2.0</a> became an OASIS Standard in March 2005</li></ul> <p>The Liberty Alliance contributed its Identity Federation Framework (ID-FF) to the OASIS SSTC in September 2003: </p> <ul><li>ID-FF 1.1 was released in April 2003</li> <li>ID-FF 1.2 was finalized in November 2003</li></ul> <p>Versions 1.0 and 1.1 of SAML are similar even though small differences exist;<sup id="cite_ref-Pu5b0_9-0" class="reference"><a href="#cite_note-Pu5b0-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup> however, the differences between SAML 2.0 and SAML 1.1 are substantial. Although the two standards address the same use case, SAML 2.0 is incompatible with its predecessor. </p><p>Although ID-FF 1.2 was contributed to OASIS as the basis of SAML 2.0, there are some important differences between SAML 2.0 and ID-FF 1.2. 
In particular, the two specifications, despite their common roots, are incompatible.<sup id="cite_ref-OiGthD_8-2" class="reference"><a href="#cite_note-OiGthD-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Design">Design</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=4" title="Edit section: Design"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>SAML is built upon a number of existing standards: </p> <ul><li>Extensible Markup Language (XML): Most SAML exchanges are expressed in a standardized dialect of XML, which is the root for the name SAML (Security Assertion Markup Language).</li> <li><a href="/wiki/XML_Schema_(W3C)" title="XML Schema (W3C)">XML Schema</a> (XSD): SAML assertions and protocols are specified (in part) using XML Schema.</li> <li><a href="/wiki/XML_Signature" title="XML Signature">XML Signature</a>: Both <a href="/wiki/SAML_1.1" title="SAML 1.1">SAML 1.1</a> and <a href="/wiki/SAML_2.0" title="SAML 2.0">SAML 2.0</a> use digital signatures (based on the XML Signature standard) for authentication and message integrity.</li> <li><a href="/wiki/XML_Encryption" title="XML Encryption">XML Encryption</a>: Using XML Encryption, SAML 2.0 provides elements for encrypted name identifiers, encrypted attributes, and encrypted assertions (SAML 1.1 does not have encryption capabilities). 
Severe security concerns have been reported about XML Encryption.<sup id="cite_ref-J2KVQ_10-0" class="reference"><a href="#cite_note-J2KVQ-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-0wAHF_11-0" class="reference"><a href="#cite_note-0wAHF-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup></li> <li><a href="/wiki/Hypertext_Transfer_Protocol" class="mw-redirect" title="Hypertext Transfer Protocol">Hypertext Transfer Protocol</a> (HTTP): SAML relies heavily on HTTP as its communications protocol.</li> <li><a href="/wiki/SOAP" title="SOAP">Simple Object Access Protocol (SOAP)</a>: SAML specifies the use of SOAP, specifically SOAP 1.1.<sup id="cite_ref-K6G4v_12-0" class="reference"><a href="#cite_note-K6G4v-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup></li></ul> <p>SAML defines XML-based assertions and protocols, bindings, and profiles. The term <i>SAML Core</i> refers to the general syntax and semantics of SAML assertions as well as the protocol used to request and transmit those assertions from one system entity to another. <i>SAML protocol</i> refers to <b>what</b> is transmitted, not <b>how</b> (the latter is determined by the choice of binding). So SAML Core defines "bare" SAML assertions along with SAML request and response elements. </p><p>A <i>SAML binding</i> determines how SAML requests and responses map onto standard messaging or communications protocols. An important (synchronous) binding is the SAML SOAP binding. </p><p>A <i>SAML profile</i> is a concrete manifestation of a defined use case using a particular combination of assertions, protocols and bindings. 
</p> <div class="mw-heading mw-heading3"><h3 id="Assertions">Assertions</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=5" title="Edit section: Assertions"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>A SAML <i>assertion</i> contains a packet of security information: </p> <pre> &lt;saml:Assertion ...&gt; .. &lt;/saml:Assertion&gt; </pre> <p>Loosely speaking, a relying party interprets an assertion as follows: </p> <blockquote><p>Assertion <i>A</i> was issued at time <i>t</i> by issuer <i>R</i> regarding subject <i>S</i> provided conditions <i>C</i> are valid.</p></blockquote> <p>SAML assertions are usually transferred from identity providers to service providers. Assertions contain <i>statements</i> that service providers use to make access-control decisions. Three types of statements are provided by SAML: </p> <ol><li>Authentication statements</li> <li>Attribute statements</li> <li>Authorization decision statements</li></ol> <p><i>Authentication statements</i> assert to the service provider that the principal did indeed authenticate with the identity provider at a particular time using a particular method of authentication. Other information about the authenticated principal (called the <i>authentication context</i>) may be disclosed in an authentication statement. </p><p>An <i>attribute statement</i> asserts that a principal is associated with certain attributes. An <i>attribute</i> is simply a <a href="/wiki/Attribute%E2%80%93value_pair" class="mw-redirect" title="Attribute–value pair">name–value pair</a>. Relying parties use attributes to make access-control decisions. </p><p>An <i>authorization decision statement</i> asserts that a principal is permitted to perform action <i>A</i> on resource <i>R</i> given evidence <i>E</i>. The expressiveness of authorization decision statements in SAML is intentionally limited. 
More-advanced use cases are encouraged to use <a href="/wiki/XACML" title="XACML">XACML</a> instead. </p> <div class="mw-heading mw-heading3"><h3 id="Protocols">Protocols</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=6" title="Edit section: Protocols"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Saml-protocol-response.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/4/4e/Saml-protocol-response.svg/220px-Saml-protocol-response.svg.png" decoding="async" width="220" height="239" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/4/4e/Saml-protocol-response.svg/330px-Saml-protocol-response.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/4/4e/Saml-protocol-response.svg/440px-Saml-protocol-response.svg.png 2x" data-file-width="290" data-file-height="315" /></a><figcaption>SAML Protocol Response</figcaption></figure> <p>A SAML <i>protocol</i> describes how certain SAML elements (including assertions) are packaged within SAML request and response elements, and gives the processing rules that SAML entities must follow when producing or consuming these elements. For the most part, a SAML protocol is a simple request-response protocol. </p><p>The most important type of SAML protocol request is called a <i>query</i>. A service provider makes a query directly to an identity provider over a secure back channel. Thus query messages are typically bound to SOAP. 
</p><p>Corresponding to the three types of statements, there are three types of SAML queries: </p> <ol><li>Authentication query</li> <li>Attribute query</li> <li>Authorization decision query</li></ol> <p>The result of an attribute query is a SAML response containing an assertion, which itself contains an attribute statement. See the SAML 2.0 topic for <a href="/wiki/SAML_2.0#SAML_attribute_query" title="SAML 2.0">an example of attribute query/response</a>. </p><p>Beyond queries, SAML 1.1 specifies no other protocols. </p><p>SAML 2.0 expands the notion of <i>protocol</i> considerably. The following protocols are described in detail in SAML 2.0 Core: </p> <ul><li>Assertion Query and Request Protocol</li> <li>Authentication Request Protocol</li> <li>Artifact Resolution Protocol</li> <li>Name Identifier Management Protocol</li> <li>Single Logout Protocol</li> <li>Name Identifier Mapping Protocol</li></ul> <p>Most of these protocols are new in <a href="/wiki/SAML_2.0" title="SAML 2.0">SAML 2.0</a>. 
</p> <div class="mw-heading mw-heading3"><h3 id="Bindings">Bindings</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=7" title="Edit section: Bindings"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Saml-over-soap-over-http.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/2/2a/Saml-over-soap-over-http.svg/220px-Saml-over-soap-over-http.svg.png" decoding="async" width="220" height="330" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/2/2a/Saml-over-soap-over-http.svg/330px-Saml-over-soap-over-http.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/2/2a/Saml-over-soap-over-http.svg/440px-Saml-over-soap-over-http.svg.png 2x" data-file-width="280" data-file-height="420" /></a><figcaption>SAML over SOAP over HTTP</figcaption></figure> <p>A SAML <i>binding</i> is a mapping of a SAML protocol message onto standard messaging formats and/or communications protocols. For example, the SAML SOAP binding specifies how a SAML message is encapsulated in a SOAP envelope, which itself is bound to an HTTP message. </p><p>SAML 1.1 specifies just one binding, the SAML SOAP Binding. In addition to SOAP, implicit in SAML 1.1 Web Browser SSO are the precursors of the HTTP POST Binding, the HTTP Redirect Binding, and the HTTP Artifact Binding. These are not defined explicitly, however, and are only used in conjunction with SAML 1.1 Web Browser SSO. The notion of binding is not fully developed until SAML 2.0. </p><p>SAML 2.0 completely separates the binding concept from the underlying profile. 
In fact, there is a brand <a href="/wiki/SAML_2.0#SAML_2.0_bindings" title="SAML 2.0">new binding specification in SAML 2.0</a> that defines the following standalone bindings: </p> <ul><li>SAML SOAP Binding (based on SOAP 1.1)</li> <li>Reverse SOAP (PAOS) Binding</li> <li>HTTP Redirect (GET) Binding</li> <li>HTTP POST Binding</li> <li>HTTP Artifact Binding</li> <li>SAML URI Binding</li></ul> <p>This reorganization provides tremendous flexibility: taking just Web Browser SSO alone as an example, a service provider can choose from four bindings (HTTP Redirect, HTTP POST and two flavors of HTTP Artifact), while the identity provider has three binding options (HTTP POST plus two forms of HTTP Artifact), for a total of twelve possible deployments of the SAML 2.0 Web Browser SSO Profile. </p> <div class="mw-heading mw-heading3"><h3 id="Profiles">Profiles</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=8" title="Edit section: Profiles"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>A SAML <i>profile</i> describes in detail how SAML assertions, protocols, and bindings combine to support a defined use case. The most important SAML profile is the Web Browser SSO Profile. </p><p>SAML 1.1 specifies two forms of Web Browser SSO, the Browser/Artifact Profile and the Browser/POST Profile. The latter passes assertions <i>by value</i> whereas Browser/Artifact passes assertions <i>by reference</i>. As a consequence, Browser/Artifact requires a back-channel SAML exchange over SOAP. In SAML 1.1, all flows begin with a request at the identity provider for simplicity. Proprietary extensions to the basic IdP-initiated flow have been proposed (by <a href="/wiki/Shibboleth_(Internet2)" class="mw-redirect" title="Shibboleth (Internet2)">Shibboleth</a>, for example). </p><p>The Web Browser SSO Profile was completely refactored for SAML 2.0. 
Conceptually, SAML 1.1 Browser/Artifact and Browser/POST are special cases of SAML 2.0 Web Browser SSO. The latter is considerably more flexible than its SAML 1.1 counterpart due to the new "plug-and-play" binding design of SAML 2.0. Unlike previous versions, SAML 2.0 browser flows begin with a request at the service provider. This provides greater flexibility, but SP-initiated flows naturally give rise to the so-called <i>Identity Provider Discovery</i> problem, the focus of much research today. In addition to Web Browser SSO, SAML 2.0 introduces numerous new profiles: </p> <ul><li>SSO Profiles <ul><li>Web Browser SSO Profile</li> <li>Enhanced Client or Proxy (ECP) Profile</li> <li>Identity Provider Discovery Profile</li> <li>Single Logout Profile</li> <li>Name Identifier Management Profile</li></ul></li> <li>Artifact Resolution Profile</li> <li>Assertion Query/Request Profile</li> <li>Name Identifier Mapping Profile</li> <li>SAML Attribute Profiles</li></ul> <p>Aside from the SAML Web Browser SSO Profile, some important third-party profiles of SAML include: </p> <ul><li><a href="/wiki/OASIS_(organization)" title="OASIS (organization)">OASIS</a> Web Services Security (WSS) Technical Committee</li> <li><a href="/wiki/Liberty_Alliance" title="Liberty Alliance">Liberty Alliance</a></li> <li><a href="/wiki/OASIS_(organization)" title="OASIS (organization)">OASIS</a> eXtensible Access Control Markup Language (XACML) Technical Committee</li></ul> <div class="mw-heading mw-heading3"><h3 id="Security">Security</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=9" title="Edit section: Security"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The SAML specifications recommend, and in some cases mandate, a variety of security mechanisms: </p> <ul><li><a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a> 
1.0+ for transport-level security (this version floor dates from the era of the specifications; TLS 1.0 and 1.1 have since been formally deprecated by RFC 8996, so current deployments should require TLS 1.2 or later)</li> <li><a href="/wiki/XML_Signature" title="XML Signature">XML Signature</a> and <a href="/wiki/XML_Encryption" title="XML Encryption">XML Encryption</a> for message-level security</li></ul> <p>Requirements are often phrased in terms of (mutual) authentication, integrity, and confidentiality, leaving the choice of security mechanism to implementers and deployers. </p> <div class="mw-heading mw-heading2"><h2 id="Use">Use</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=10" title="Edit section: Use"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The primary SAML use case is called <i>Web Browser Single Sign-On (SSO)</i>. A user utilizes a <i>user agent</i> (usually a web browser) to request a web resource protected by a SAML <i>service provider</i>. The service provider, wishing to know the identity of the requesting user, issues an authentication request to a SAML <i>identity provider</i> through the user agent. The resulting protocol flow is depicted in the following diagram. 
</p> <figure class="mw-halign-center" typeof="mw:File/Thumb"><a href="/wiki/File:Saml2-browser-sso-redirect-post.png" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/0/04/Saml2-browser-sso-redirect-post.png/600px-Saml2-browser-sso-redirect-post.png" decoding="async" width="600" height="424" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/0/04/Saml2-browser-sso-redirect-post.png/900px-Saml2-browser-sso-redirect-post.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/0/04/Saml2-browser-sso-redirect-post.png/1200px-Saml2-browser-sso-redirect-post.png 2x" data-file-width="1362" data-file-height="963" /></a><figcaption><a href="/wiki/Single_sign-on" title="Single sign-on">Single sign-on</a> using SAML in a Web browser</figcaption></figure> <div style="clear:both;" class=""></div> <dl><dt>1. Request the target resource at the SP (SAML 2.0 only)</dt> <dd>The principal (via an HTTPS user agent) requests a target resource at the service provider: <pre>https://sp.example.com/myresource</pre> The service provider performs a security check on behalf of the target resource. If a valid security context at the service provider already exists, skip steps 2–7.</dd> <dt>2. Redirect to the SSO Service at the IdP (SAML 2.0 only)</dt> <dd>The service provider determines the user's preferred identity provider (by unspecified means) and redirects the user agent to the SSO Service at the identity provider: <pre>https://idp.example.org/SAML2/SSO/Redirect?SAMLRequest=request</pre> The value of the <code>SAMLRequest</code> parameter (denoted by the placeholder <code>request</code> above) is the <a href="/wiki/Base64" title="Base64">Base64</a> encoding of a <a href="/wiki/DEFLATE" class="mw-redirect" title="DEFLATE">deflated</a> <code>&lt;samlp:AuthnRequest&gt;</code> element.</dd> <dt>3. Request the SSO Service at the IdP (SAML 2.0 only)</dt> <dd>The user agent issues a GET request to the SSO service at the URL from step 2. 
The SSO service processes the <code>AuthnRequest</code> (sent via the <code>SAMLRequest</code> URL query parameter) and performs a security check. If the user does not have a valid security context, the identity provider identifies the user (details omitted).</dd> <dt>4. Respond with an XHTML form</dt> <dd>The SSO service validates the request and responds with a document containing an XHTML form: <div class="mw-highlight mw-highlight-lang-html mw-content-ltr" dir="ltr"><pre><span></span> <span class="p">&lt;</span><span class="nt">form</span> <span class="na">method</span><span class="o">=</span><span class="s">"post"</span> <span class="na">action</span><span class="o">=</span><span class="s">"https://sp.example.com/SAML2/SSO/POST"</span> <span class="err">...</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">"hidden"</span> <span class="na">name</span><span class="o">=</span><span class="s">"SAMLResponse"</span> <span class="na">value</span><span class="o">=</span><span class="s">"response"</span> <span class="p">/&gt;</span> ... <span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">"submit"</span> <span class="na">value</span><span class="o">=</span><span class="s">"Submit"</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">form</span><span class="p">&gt;</span> </pre></div> The value of the <code>SAMLResponse</code> form field (denoted by the placeholder <code>response</code> above) is the base64 encoding of a <code>&lt;samlp:Response&gt;</code> element. Base64 is an encoding, not a protection: the response passes through the user agent in readable and modifiable form, so its integrity rests on the XML Signature and its confidentiality, where required, on XML Encryption of the assertion.</dd> <dt>5. Request the Assertion Consumer Service at the SP</dt> <dd>The user agent issues a POST request to the assertion consumer service at the service provider. The value of the <code>SAMLResponse</code> parameter is taken from the XHTML form at step 4.</dd> <dt>6. 
Redirect to the target resource</dt> <dd>The assertion consumer service processes the response, creates a security context at the service provider and redirects the user agent to the target resource. Processing includes validation: because the response arrived through the user agent, it is untrusted until the service provider has verified its XML signature against the identity provider's trusted key and checked the issuer, audience restriction, validity period, recipient and <code>InResponseTo</code> value; only then is the security context created.</dd> <dt>7. Request the target resource at the SP again</dt> <dd>The user agent requests the target resource at the service provider (again): <pre>https://sp.example.com/myresource</pre></dd> <dt>8. Respond with requested resource</dt> <dd>Since a security context exists, the service provider returns the resource to the user agent.</dd></dl> <p>In SAML 1.1, the flow begins with a request to the identity provider's inter-site transfer service at step 3. </p><p>In the example flow above, all depicted exchanges are <i>front-channel exchanges</i>, that is, an HTTP user agent (browser) communicates with a SAML entity at each step. In particular, there are no <i>back-channel exchanges</i> or direct communications between the service provider and the identity provider. Front-channel exchanges lead to simple protocol flows where all messages are passed <i>by value</i> using a simple HTTP binding (GET or POST). Indeed, the flow outlined above is sometimes called the <i>Lightweight Web Browser SSO Profile</i>. </p><p>Alternatively, for increased security or privacy, messages may be passed <i>by reference</i>. For example, an identity provider may supply a reference to a SAML assertion (called an <i>artifact</i>) instead of transmitting the assertion directly through the user agent. Subsequently, the service provider requests the actual assertion via a back channel. Such a back-channel exchange is specified as a <a href="/wiki/SOAP" title="SOAP">SOAP</a> message exchange (SAML over SOAP over HTTP). In general, any SAML exchange over a secure back channel is conducted as a SOAP message exchange. </p><p>On the back channel, SAML specifies the use of SOAP 1.1. The use of SOAP as a binding mechanism is optional, however. 
Any given SAML deployment will choose whatever bindings are appropriate. </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2></div> <ul><li><a href="/wiki/SAML_2.0" title="SAML 2.0">SAML 2.0</a></li> <li><a href="/wiki/SAML_metadata" title="SAML metadata">SAML metadata</a></li> <li><a href="/wiki/SAML-based_products_and_services" title="SAML-based products and services">SAML-based products and services</a></li> <li><a href="/wiki/Identity_management" class="mw-redirect" title="Identity management">Identity management</a></li> <li><a href="/wiki/Identity_management_systems" class="mw-redirect" title="Identity management systems">Identity management systems</a></li> <li><a href="/wiki/Federated_identity" title="Federated identity">Federated identity</a></li> <li><a href="/wiki/Information_card" title="Information card">Information card</a></li> <li><a href="/wiki/WS-Federation" title="WS-Federation">WS-Federation</a></li> <li><a href="/wiki/OAuth" title="OAuth">OAuth</a></li> <li><a href="/wiki/OpenID_Connect" class="mw-redirect" title="OpenID Connect">OpenID Connect</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2></div> <div class="reflist">
<div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-ISnTY-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-ISnTY_1-0">^</a></b></span> <span class="reference-text"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.webopedia.com/TERM/S/SAML.html">"What is SAML? - A Word Definition From the Webopedia Computer Dictionary"</a>. Webopedia.com. 25 June 2002<span class="reference-accessdate">. Retrieved <span class="nowrap">2013-09-21</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+is+SAML%3F+-+A+Word+Definition+From+the+Webopedia+Computer+Dictionary&rft.pub=Webopedia.com&rft.date=2002-06-25&rft_id=http%3A%2F%2Fwww.webopedia.com%2FTERM%2FS%2FSAML.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-SAMLProf20-2"><span class="mw-cite-backlink"><b><a href="#cite_ref-SAMLProf20_2-0">^</a></b></span> <span class="reference-text">J. Hughes et al. 
<i>Profiles for the OASIS Security Assertion Markup Language (SAML) 2.0.</i> OASIS Standard, March 2005. Document identifier: saml-profiles-2.0-os <a rel="nofollow" class="external free" href="http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf">http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf</a> (for the latest working draft of this specification with errata, see: <a rel="nofollow" class="external free" href="https://www.oasis-open.org/committees/download.php/56782/sstc-saml-profiles-errata-2.0-wd-07.pdf">https://www.oasis-open.org/committees/download.php/56782/sstc-saml-profiles-errata-2.0-wd-07.pdf</a>)</span> </li> <li id="cite_note-SAMLTechOverview20-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-SAMLTechOverview20_3-0">^</a></b></span> <span class="reference-text">N. Ragouzis et al. <i>Security Assertion Markup Language (SAML) 2.0 Technical Overview.</i> OASIS Committee Draft 02, March 2008. Document identifier: sstc-saml-tech-overview-2.0-cd-02 <a rel="nofollow" class="external free" href="https://wiki.oasis-open.org/security/Saml2TechOverview">https://wiki.oasis-open.org/security/Saml2TechOverview</a></span> </li> <li id="cite_note-92xv0-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-92xv0_4-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.informationweek.com/software/information-management/saml-the-secret-to-centralized-identity-management/d/d-id/1028656?">"SAML: The Secret to Centralized Identity Management"</a>. InformationWeek.com. 2004-11-23<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2014-05-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SAML%3A+The+Secret+to+Centralized+Identity+Management&rft.pub=InformationWeek.com&rft.date=2004-11-23&rft_id=http%3A%2F%2Fwww.informationweek.com%2Fsoftware%2Finformation-management%2Fsaml-the-secret-to-centralized-identity-management%2Fd%2Fd-id%2F1028656%3F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-QmSYw-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-QmSYw_5-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMaler2001" class="citation mailinglist cs1">Maler, Eve (9 Jan 2001). <a rel="nofollow" class="external text" href="http://lists.oasis-open.org/archives/security-services/200101/msg00014.html">"Minutes of 9 January 2001 Security Services TC telecon"</a>. <i>security-services at oasis-open</i> (Mailing list)<span class="reference-accessdate">. Retrieved <span class="nowrap">7 April</span> 2011</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Minutes+of+9+January+2001+Security+Services+TC+telecon&rft.date=2001-01-09&rft.aulast=Maler&rft.aufirst=Eve&rft_id=http%3A%2F%2Flists.oasis-open.org%2Farchives%2Fsecurity-services%2F200101%2Fmsg00014.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-hVZwx-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-hVZwx_6-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://saml.xml.org/history">"History of SAML"</a>. SAMLXML.org. 
2007-12-05<span class="reference-accessdate">. Retrieved <span class="nowrap">2014-05-22</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=History+of+SAML&rft.pub=SAMLXML.org&rft.date=2007-12-05&rft_id=http%3A%2F%2Fsaml.xml.org%2Fhistory&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-D9bCd-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-D9bCd_7-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFConor_P._Cahill" class="citation web cs1">Conor P. Cahill. <a rel="nofollow" class="external text" href="http://www.projectliberty.org/liberty/content/download/800/5730/file/SpecsOverviewAOL.pdf">"Liberty Technology Overview"</a> <span class="cs1-format">(PDF)</span>. Liberty Alliance<span class="reference-accessdate">. Retrieved <span class="nowrap">2017-08-25</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Liberty+Technology+Overview&rft.pub=Liberty+Alliance&rft.au=Conor+P.+Cahill&rft_id=http%3A%2F%2Fwww.projectliberty.org%2Fliberty%2Fcontent%2Fdownload%2F800%2F5730%2Ffile%2FSpecsOverviewAOL.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-OiGthD-8"><span class="mw-cite-backlink">^ <a href="#cite_ref-OiGthD_8-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-OiGthD_8-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-OiGthD_8-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://oracle.sys-con.com/node/492156">"Google, NTT and the US GSA Deploy SAML 2.0 for 
Digital Identity Management"</a>. Oracle Journal. 2008-01-29<span class="reference-accessdate">. Retrieved <span class="nowrap">2014-05-22</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Google%2C+NTT+and+the+US+GSA+Deploy+SAML+2.0+for+Digital+Identity+Management&rft.pub=Oracle+Journal&rft.date=2008-01-29&rft_id=http%3A%2F%2Foracle.sys-con.com%2Fnode%2F492156&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-Pu5b0-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-Pu5b0_9-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFP._Mishra2003" class="citation cs2">P. Mishra; et al. (May 2003), <a rel="nofollow" class="external text" href="http://www.oasis-open.org/committees/download.php/3412/sstc-saml-diff-1.1-draft-01.pdf"><i>Differences between OASIS Security Assertion Markup Language (SAML) V1.1 and V1.0</i></a> <span class="cs1-format">(PDF)</span>, OASIS, sstc-saml-diff-1.1-draft-01<span class="reference-accessdate">, retrieved <span class="nowrap">7 April</span> 2011</span></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Differences+between+OASIS+Security+Assertion+Markup+Language+%28SAML%29+V1.1+and+V1.0&rft.pub=OASIS&rft.date=2003-05&rft.au=P.+Mishra&rft_id=http%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdownload.php%2F3412%2Fsstc-saml-diff-1.1-draft-01.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-J2KVQ-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-J2KVQ_10-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" 
class="external text" href="https://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf">"How To Break XML Encryption"</a> <span class="cs1-format">(PDF)</span>. <a href="/wiki/Association_for_Computing_Machinery" title="Association for Computing Machinery">Association for Computing Machinery</a>. 19 October 2011<span class="reference-accessdate">. Retrieved <span class="nowrap">31 October</span> 2014</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=How+To+Break+XML+Encryption&rft.pub=Association+for+Computing+Machinery&rft.date=2011-10-19&rft_id=https%3A%2F%2Fwww.nds.rub.de%2Fmedia%2Fnds%2Fveroeffentlichungen%2F2011%2F10%2F22%2FHowToBreakXMLenc.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-0wAHF-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-0wAHF_11-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20111124050008/http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en">"RUB Researchers break W3C standard"</a>. <a href="/wiki/Ruhr_University_Bochum" title="Ruhr University Bochum">Ruhr University Bochum</a>. 19 October 2011. Archived from <a rel="nofollow" class="external text" href="http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en">the original</a> on 2011-11-24<span class="reference-accessdate">. 
Retrieved <span class="nowrap">29 June</span> 2012</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=RUB+Researchers+break+W3C+standard&rft.pub=Ruhr+University+Bochum&rft.date=2011-10-19&rft_id=http%3A%2F%2Faktuell.ruhr-uni-bochum.de%2Fpm2011%2Fpm00330.html.en&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></span> </li> <li id="cite_note-K6G4v-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-K6G4v_12-0">^</a></b></span> <span class="reference-text"><a rel="nofollow" class="external text" href="http://www.w3.org/TR/2000/NOTE-SOAP-20000508/">SOAP 1.1</a></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_Assertion_Markup_Language&action=edit&section=13" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a rel="nofollow" class="external text" href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security">OASIS Security Services Technical Committee</a></li> <li><a rel="nofollow" class="external text" href="http://xml.coverpages.org/saml.html">Cover Pages: Security Assertion Markup Language (SAML)</a></li> <li><a rel="nofollow" class="external text" href="http://identitymeme.org/doc/draft-hodges-learning-saml-00.html">How to Study and Learn SAML</a></li> <li><a rel="nofollow" class="external text" href="http://www.oracle.com/technetwork/articles/entarch/saml-084342.html">Demystifying SAML</a></li> <li><a rel="nofollow" class="external text" href="http://ssocircle.com">First public SAML 2.0 identity provider</a></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDaniel_Blum2003" class="citation book cs1">Daniel Blum (2003). 
<a rel="nofollow" class="external text" href="https://books.google.com/books?id=tBkEAAAAMBAJ&pg=PT42"><i>Federated ID gains momentum</i></a>. IDG Network World Inc. p. 42.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Federated+ID+gains+momentum&rft.pages=42&rft.pub=IDG+Network+World+Inc&rft.date=2003&rft.au=Daniel+Blum&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DtBkEAAAAMBAJ%26pg%3DPT42&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+Assertion+Markup+Language" class="Z3988"></span></li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li 