Mika Koivisto, profile picture
Uploaded byMika Koivisto
73,384 views

Introduction to SAML 2.0

This document provides an introduction to Security Assertion Markup Language (SAML) 2.0, including: - SAML is an XML-based standard for exchanging authentication and authorization data between parties like an identity provider and service provider. - It defines roles like identity providers, service providers, and users. - SAML supports single sign-on, attribute sharing, identity federation, and other use cases through protocols, bindings, and profiles. - Liferay supports acting as an identity provider or service provider using SAML through an enterprise edition plugin, allowing configuration as an IdP or SP through properties and metadata files. - The presentation demonstrates SAML single sign-on flows and configurations using examples

Technology
Related topics:
Identity Management
In this document
Powered by AI

Introduction to SAML 2.0 and agenda items including SAML concepts, integration with Liferay, and a demo.

Overview of SAML: its definition, roles (IdP, SP, User) and advantages, including improved user experience and security.

Detailed SAML concepts including protocols like Authentication Request and Assertion Query, bindings and profiles for SSO.

Liferay integration with SAML 2.0, supporting IdP and SP modes with features for single sign-on and single logout.

Various types of SAML initiated single sign-on and single logout for both IdP and SP, along with supported bindings.

Steps to configure IdP and SP in Liferay, including keystore creation and properties configurations.

Extension points for custom SAML functionality; resources for further reading and a brief demo mention. Thank You!

Embed presentation

Introduction to SAML 2.0 Mika Koivisto Senior Software Engineer
Agenda Introduction SAML Concepts Liferay and SAML 2.0 Demo
What is SAML? Security Assertion Markup Language XML based protocol OASIS approved standard SAML 1.0 November 2002 SAML 1.1 September 2003 SAML 2.0 March 2005 Flexible and extensible protocol designed to be used by other standards
SAML Roles Identity Provider (IdP) / Asserting party Service Provider (SP) / Relying party User
Advantages of SAML Platform neutral Loose coupling of directories Improved online experience for end users Supported by many SaaS applications Increased security Strong commercial and open source support
Use cases Web Single Sign-On Attribute based authorization Identity Federation WS-Security
SAML Concepts
Protocols Authentication Request Protocol Assertion Query and Request Protocol Artifact Resolution Protocol Name Identifier Management Protocol Name Identifier Mapping Protocol Single Logout Protocol
Bindings HTTP Redirect Binding HTTP Post Binding HTTP Artifact Binding SAML SOAP Binding Reverse SOAP (PAOS) Binding SAML URI Binding
Profiles Web Browser SSO Profile Enhanced Client and Proxy (ECP) Profile Identity Provider Discovery Profile Single Logout Profile Assertion Query/Request Profile Artifact Resolution Profile Name Identifier Management Profile Name Identifier Mapping Profile
Liferay and SAML 2.0 Available as a EE plugin Supports two operation modes Identity Provider Service Provider Built on top of OpenSAML Uses Java keystore for credentials Configured using SAML metadata and portal(- ext).properties
Features IdP initiated Web SSO SP initiated Web SSO SP initiated Single Logout IdP initiated Single Logout Consumes and Produces SAML Metadata Attribute statement generation (IdP) JIT provisioning using attribute statements (SP)
IdP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (AuthnRequest and Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
SP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
SP initiated Single Sign-On
IdP initiated Single Sign-On
SP Initiated Single Logout
IdP Initiated Single Logout
Configuration - IdP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=idp saml.entity.id=liferaysamlidpdemo saml.metadata.paths= ${liferay.home}/saml/salesforce.xml, http://beta.test.com:9080/c/portal/saml/metadata saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlidpdemo]=liferay
Configuration - SP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=sp saml.entity.id=liferaysamlspdemo saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata saml.sp.default.idp.entity.id=liferaysamlidpdemo saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlspdemo]=liferay
Extension points com.liferay.saml.resolver.AttributeResolver com.liferay.saml.resolver.NameIdResolver saml-spring.xml com.liferay.saml.profile.SingleLogoutProfile com.liferay.saml.profile.WebSsoProfile
Demo SalesForce.com Google Apps Liferay Service Provider
Resources http://saml.xml.org/saml-specifications Liferay SAML plugin config reference http://bit.ly/lrsamlplugin Difficulties of Single Logout https://wiki.shibboleth.net/confluence/display/SHIB2/ SLOIssues Seamless Single Sign-On with SAML (salesforce) http://www.youtube.com/watch?v=Gztz6h0LgA8
Thank You!

More Related Content

PPTX
IdP, SAML, OAuth
byDan Brinkmann
 
PDF
Single sign on using SAML
byProgramming Talents
 
PDF
SAML Protocol Overview
byMike Schwartz
 
PDF
Introduction to SAML & OIDC
byForgeRock Identity Tech Talks
 
PPT
Presentation sso design_security
byMarco Morana
 
PDF
Demystifying OAuth 2.0
byKarl McGuinness
 
PPTX
SSO introduction
byAidy Tificate
 
PPT
AD & LDAP
byCynoteck Technology Solutions Private Limited
 
IdP, SAML, OAuth
byDan Brinkmann
 
Single sign on using SAML
byProgramming Talents
 
SAML Protocol Overview
byMike Schwartz
 
Introduction to SAML & OIDC
byForgeRock Identity Tech Talks
 
Presentation sso design_security
byMarco Morana
 
Demystifying OAuth 2.0
byKarl McGuinness
 
SSO introduction
byAidy Tificate
 
AD & LDAP
byCynoteck Technology Solutions Private Limited
 

What's hot

PPTX
Building secure applications with keycloak
byAbhishek Koserwal
 
PDF
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
byVinay Manglani
 
PPTX
Rest API Security
byStormpath
 
PPTX
Secure your app with keycloak
byGuy Marom
 
PDF
SAML VS OAuth 2.0 VS OpenID Connect
byUbisecure
 
PPTX
An Introduction to OAuth 2
byAaron Parecki
 
PPTX
REST API Design & Development
byAshok Pundit
 
PPT
OAuth 2.0 and OpenId Connect
bySaran Doraiswamy
 
PDF
OpenID Connect Explained
byVladimir Dzhuvinov
 
PPTX
Saml vs Oauth : Which one should I use?
byAnil Saldanha
 
ODP
Introduction to Swagger
byKnoldus Inc.
 
PPTX
OpenID Connect: An Overview
byPat Patterson
 
PPTX
Json Web Token - JWT
byPrashant Walke
 
PDF
Token, token... From SAML to OIDC
byShiu-Fun Poon
 
PPTX
OAuth2 + API Security
byAmila Paranawithana
 
PDF
OAuth 2.0
byUwe Friedrichsen
 
PDF
Api presentation
byTiago Cardoso
 
PDF
Owasp top 10
byYasserElsnbary
 
PPTX
Prometheus and Grafana
byLhouceine OUHAMZA
 
PPTX
Azure security and Compliance
byKarina Matos
 
Building secure applications with keycloak
byAbhishek Koserwal
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
byVinay Manglani
 
Rest API Security
byStormpath
 
Secure your app with keycloak
byGuy Marom
 
SAML VS OAuth 2.0 VS OpenID Connect
byUbisecure
 
An Introduction to OAuth 2
byAaron Parecki
 
REST API Design & Development
byAshok Pundit
 
OAuth 2.0 and OpenId Connect
bySaran Doraiswamy
 
OpenID Connect Explained
byVladimir Dzhuvinov
 
Saml vs Oauth : Which one should I use?
byAnil Saldanha
 
Introduction to Swagger
byKnoldus Inc.
 
OpenID Connect: An Overview
byPat Patterson
 
Json Web Token - JWT
byPrashant Walke
 
Token, token... From SAML to OIDC
byShiu-Fun Poon
 
OAuth2 + API Security
byAmila Paranawithana
 
OAuth 2.0
byUwe Friedrichsen
 
Api presentation
byTiago Cardoso
 
Owasp top 10
byYasserElsnbary
 
Prometheus and Grafana
byLhouceine OUHAMZA
 
Azure security and Compliance
byKarina Matos
 

Similar to Introduction to SAML 2.0

PDF
How to break SAML if I have paws?
byGreenD0g
 
PPTX
Enterprise single sign on
byArchit Sharma
 
PPTX
Understanding SAML 2.0: Enhancing Secure Authentication
byNarendra Kadali
 
PPTX
IBM Single Sign-On
byVan Staub, MBA
 
PDF
Design Pattern for Federated Single Sign-On Access
byMike Reams
 
PDF
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
byFwdays
 
PDF
White Paper: Saml as an SSO Standard for Customer Identity Management
byGigya
 
PDF
Saml
byRoger Xia
 
PDF
SAML
byLéopold Gault
 
PDF
SAML and Liferay
byMika Koivisto
 
PDF
Introducing SAML 2.0 Protocol: Security and Performance
byAmin Saqi
 
PDF
Interoperable Provisioning in a distributed world
byRamesh Nagappan
 
PPTX
Introduction to SAML and how to create it by JoeSelian.pptx
byimcheaterid
 
PDF
Attacking SSO (SAML) - Breaking into the front door of Authentication
byAmit Kumar
 
PDF
SAML 101
byEchoworx
 
PDF
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
byClément OUDOT
 
PDF
CIS 2015 Extreme SAML - Hans Zandbelt
byCloudIDSummit
 
PDF
Taking a Pragmatic Look at the Salesforce Security Model
bySalesforce Developers
 
PDF
SAML Executive Overview
byPortalGuard
 
PDF
Wp saml v2_rs_3_24_2015
byElaine Sun
 
How to break SAML if I have paws?
byGreenD0g
 
Enterprise single sign on
byArchit Sharma
 
Understanding SAML 2.0: Enhancing Secure Authentication
byNarendra Kadali
 
IBM Single Sign-On
byVan Staub, MBA
 
Design Pattern for Federated Single Sign-On Access
byMike Reams
 
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
byFwdays
 
White Paper: Saml as an SSO Standard for Customer Identity Management
byGigya
 
Saml
byRoger Xia
 
SAML
byLéopold Gault
 
SAML and Liferay
byMika Koivisto
 
Introducing SAML 2.0 Protocol: Security and Performance
byAmin Saqi
 
Interoperable Provisioning in a distributed world
byRamesh Nagappan
 
Introduction to SAML and how to create it by JoeSelian.pptx
byimcheaterid
 
Attacking SSO (SAML) - Breaking into the front door of Authentication
byAmit Kumar
 
SAML 101
byEchoworx
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
byClément OUDOT
 
CIS 2015 Extreme SAML - Hans Zandbelt
byCloudIDSummit
 
Taking a Pragmatic Look at the Salesforce Security Model
bySalesforce Developers
 
SAML Executive Overview
byPortalGuard
 
Wp saml v2_rs_3_24_2015
byElaine Sun
 

Recently uploaded

PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
The year in review - MarvelClient in 2025
bypanagenda
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
December Patch Tuesday
byIvanti
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 

Introduction to SAML 2.0

  • 1.
    Introduction to SAML2.0 Mika Koivisto Senior Software Engineer
  • 2.
    Agenda Introduction SAML Concepts Liferay and SAML 2.0 Demo
  • 3.
    What is SAML? Security Assertion Markup Language XML based protocol OASIS approved standard SAML 1.0 November 2002 SAML 1.1 September 2003 SAML 2.0 March 2005 Flexible and extensible protocol designed to be used by other standards
  • 4.
    SAML Roles Identity Provider (IdP) / Asserting party Service Provider (SP) / Relying party User
  • 5.
    Advantages of SAML Platform neutral Loose coupling of directories Improved online experience for end users Supported by many SaaS applications Increased security Strong commercial and open source support
  • 6.
    Use cases Web Single Sign-On Attribute based authorization Identity Federation WS-Security
  • 7.
  • 8.
    Protocols AuthenticationRequest Protocol Assertion Query and Request Protocol Artifact Resolution Protocol Name Identifier Management Protocol Name Identifier Mapping Protocol Single Logout Protocol
  • 9.
    Bindings HTTPRedirect Binding HTTP Post Binding HTTP Artifact Binding SAML SOAP Binding Reverse SOAP (PAOS) Binding SAML URI Binding
  • 10.
    Profiles WebBrowser SSO Profile Enhanced Client and Proxy (ECP) Profile Identity Provider Discovery Profile Single Logout Profile Assertion Query/Request Profile Artifact Resolution Profile Name Identifier Management Profile Name Identifier Mapping Profile
  • 11.
    Liferay and SAML2.0 Available as a EE plugin Supports two operation modes Identity Provider Service Provider Built on top of OpenSAML Uses Java keystore for credentials Configured using SAML metadata and portal(- ext).properties
  • 12.
    Features IdPinitiated Web SSO SP initiated Web SSO SP initiated Single Logout IdP initiated Single Logout Consumes and Produces SAML Metadata Attribute statement generation (IdP) JIT provisioning using attribute statements (SP)
  • 13.
    IdP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (AuthnRequest and Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
  • 14.
    SP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
    Configuration - IdP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=idp saml.entity.id=liferaysamlidpdemo saml.metadata.paths= ${liferay.home}/saml/salesforce.xml, http://beta.test.com:9080/c/portal/saml/metadata saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlidpdemo]=liferay
  • 20.
    Configuration - SP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=sp saml.entity.id=liferaysamlspdemo saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata saml.sp.default.idp.entity.id=liferaysamlidpdemo saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlspdemo]=liferay
  • 21.
    Extension points com.liferay.saml.resolver.AttributeResolver com.liferay.saml.resolver.NameIdResolver saml-spring.xml com.liferay.saml.profile.SingleLogoutProfile com.liferay.saml.profile.WebSsoProfile
  • 22.
    Demo SalesForce.com GoogleApps Liferay Service Provider
  • 23.
    Resources http://saml.xml.org/saml-specifications Liferay SAML plugin config reference http://bit.ly/lrsamlplugin Difficulties of Single Logout https://wiki.shibboleth.net/confluence/display/SHIB2/ SLOIssues Seamless Single Sign-On with SAML (salesforce) http://www.youtube.com/watch?v=Gztz6h0LgA8
  • 24.