
SAML SSO by Tamil on nullblrmeet, 21st July 2015



  1. Introduction to SAML 2.0 - Single Sign-On
     Tamilvanan Ganesan, Security Researcher

  2. Agenda
     - Introduction to SAML
     - Introduction to Single Sign-On
     - Importance of SAML
     - SAML characters
     - SAML architecture
     - Use case of SAML: Internet SSO
     - Active and passive profiles

  3. Introduction to SAML
     - SAML: Security Assertion Markup Language
     - SAML is a secure, XML-based communication mechanism
     - Standardised by OASIS (Advancing Open Standards for the Information Society):
       - SAML 1.0, November 2002
       - SAML 1.1, September 2003
       - SAML 2.0, March 2005

  4. Importance of SAML
     - SAML increases security: eliminates multiple authentications; eliminates phishing
     - SAML increases application access: no need to type the password often
     - SAML provides good support for administrators: eliminates duplicate record maintenance in the database

  5. Introduction to Single Sign-On
     What is SSO? Single Sign-On is a feature of an information system that lets a user log in once and gain access to multiple software systems without being prompted to log in again.

  6. SAML characters
     - Identity Provider (IdP): maintains the directory of users
     - Service Provider (SP): e.g. Salesforce
     (Diagram: the user authenticates to the IdP and accesses the SP's service; the IdP and SP share a trust relationship.)

  7. SAML architecture
     - Assertions: an assertion is a claim, statement, or declaration of a fact made by a SAML authority
       - Authentication assertion: the subject is authenticated
       - Authorization assertion: the subject is authorized to access a particular resource
       - Attribute assertion: the subject is associated with the supplied attribute
     - Protocol: SAML defines a request/response protocol for obtaining assertions
     - Bindings: detail exactly how the SAML protocol maps onto transport and messaging protocols
     - Profiles:
       - Active profile: API call
       - Passive profile: browser
  8. Sample SAML request and response

     <samlp:Request MajorVersion="1" MinorVersion="0"
         RequestID="128.14.234.20.12345678">
       <samlp:AuthenticationQuery>
         <saml:Subject>
           <saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser" />
         </saml:Subject>
       </samlp:AuthenticationQuery>
     </samlp:Request>

     <samlp:Response MajorVersion="1" MinorVersion="0"
         RequestID="128.14.234.20.90123456"
         InResponseTo="128.14.234.20.12345678" StatusCode="Success">
       <saml:Assertion MajorVersion="1" MinorVersion="0"
           AssertionID="128.9.167.32.12345678" Issuer="Smith Corporation">
         <saml:Conditions NotBefore="2001-12-03T10:00:00Z" NotAfter="2001-12-03T10:05:00Z" />
         <saml:AuthenticationStatement …>
         </saml:AuthenticationStatement>
       </saml:Assertion>
     </samlp:Response>
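An added example (not part of the slides) of the checks a Service Provider applies to a response like the one on slide 8 before trusting it: the StatusCode, that InResponseTo is bound to a request this SP actually issued, that the Issuer is the trusted IdP, and that the current time falls inside the Conditions window. The sample XML is constructed from the slide's response with xmlns declarations and the elided AuthenticationStatement attributes filled in; it carries no signature, so XML signature verification is assumed to be done in a separate, earlier step.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample modelled on the slide-8 response, with xmlns declarations
# and the elided AuthenticationStatement attributes filled in. It is unsigned.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0"
 RequestID="128.14.234.20.90123456" InResponseTo="128.14.234.20.12345678" StatusCode="Success">
 <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="128.9.167.32.12345678"
   Issuer="Smith Corporation">
  <saml:Conditions NotBefore="2001-12-03T10:00:00Z" NotAfter="2001-12-03T10:05:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
    AuthenticationInstant="2001-12-03T10:00:00Z">
   <saml:Subject><saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser"/></saml:Subject>
  </saml:AuthenticationStatement>
 </saml:Assertion>
</samlp:Response>"""

def _utc(ts):
    # SAML Conditions use xsd:dateTime; the sample uses the UTC 'Z' form.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, expected_request_id, trusted_issuer, now):
    """Return the reasons an SP must reject this response (empty list = accept).
    Signature verification is assumed to happen in a separate, earlier step."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["unexpected root element %s" % root.tag]
    if root.get("StatusCode") != "Success":
        problems.append("StatusCode is %r, not Success" % root.get("StatusCode"))
    # Tie the response to the request this SP actually issued (anti-replay).
    if root.get("InResponseTo") != expected_request_id:
        problems.append("InResponseTo does not match the outstanding RequestID")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no saml:Assertion in response"]
    if assertion.get("Issuer") != trusted_issuer:
        problems.append("Issuer %r is not the trusted IdP" % assertion.get("Issuer"))
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("assertion carries no Conditions (no validity window)")
    elif not _utc(cond.get("NotBefore")) <= now < _utc(cond.get("NotAfter")):
        problems.append("current time is outside the NotBefore/NotAfter window")
    if assertion.find("saml:AuthenticationStatement/saml:Subject", NS) is None:
        problems.append("no authenticated Subject in the assertion")
    return problems
```

Calling check_response(SAMPLE_RESPONSE, "128.14.234.20.12345678", "Smith Corporation", _utc("2001-12-03T10:02:00Z")) returns an empty list; any other request id, issuer, or a time at or past NotAfter produces a rejection reason.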
  9. Use case of SAML: Internet SSO
     (Diagram: the user, the employer's IdP backed by Active Directory, and the SP; a SAML token is passed in steps 1 to 3.)

  10. Active and passive profiles
     (Diagram: the user and the IdP; the active profile obtains the SAML token via an API call, the passive profile via the browser.)

  11. Resources
     - http://saml.xml.org/saml-specifications
     - http://www.opengroup.org/security/sso/sso_intro.htm
     - https://www.oasis-open.org/committees/download.php/731/Maler-saml-basics-2001-12-12.pdf
