SAML

To support SSO, the portal uses Security Assertion Markup Language (SAML). SAML is an XML-based standard, transported over HTTP, that lets a web application securely obtain authentication and attribute information about the users who are entitled to use it.

Using SAML, authentication and authorization data can be securely exchanged between an Identity Provider (IdP) and a Service Provider (SP). The SP (in this case, the portal) contacts the IdP by sending a SAML authentication request (AuthnRequest) through the user's browser. The IdP either returns information about an already authenticated user, or presents a login form so that the user can authenticate before the information is returned.

The information is not returned as a synchronous reply to that request. Instead, the IdP sends a separate SAML response, again via the user's browser, to the SP's assertion consumer service endpoint. This means that both parties, the IdP and the SP, need to maintain configuration information about the other party (entity IDs, endpoint URLs and certificates). For more information about the impacted entities, see SAML entities.

The HTTP communication between the IdP and the SP is protected by Transport Layer Security (TLS, formerly known as SSL). TLS only protects each hop between a browser and a server; because SAML messages pass through the user's browser, message-level security is ensured separately by signing and, optionally, encrypting the messages themselves. The SP should accept a response only after its signature has been verified against the IdP's configured certificate. For more information, see Message encryption.
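The exchange described above (SP request, IdP response delivered via the browser) and the protocol-level checks an SP performs on the response, as an added example that is not part of the portal's own code. The entity IDs, endpoint URLs and user name are hypothetical; the response is a constructed, unsigned sample, and XML signature verification (which a real SP does with an XML-DSig library before any of these checks) is deliberately left out:

```python
import base64
import secrets
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Configuration the SP (the portal) holds about itself and about the IdP.
# Hypothetical entity IDs and endpoints.
SP_CONFIG = {
    "entity_id": "https://portal.example.com/saml/metadata",
    "acs_url": "https://portal.example.com/saml/acs",
    "idp_entity_id": "https://idp.example.org/saml/metadata",
    "idp_sso_url": "https://idp.example.org/saml/sso",
}


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def build_authn_request(cfg, now):
    """SP -> IdP: AuthnRequest for the HTTP-Redirect binding. Returns (request_id, url).
    The SP must remember request_id to match the later Response's InResponseTo."""
    request_id = "_" + secrets.token_hex(16)
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{_ts(now)}" '
           f'Destination="{cfg["idp_sso_url"]}" AssertionConsumerServiceURL="{cfg["acs_url"]}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{cfg["entity_id"]}</saml:Issuer></samlp:AuthnRequest>')
    # Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode.
    z = zlib.compressobj(9, zlib.DEFLATED, -15)
    encoded = base64.b64encode(z.compress(xml.encode()) + z.flush()).decode()
    return request_id, cfg["idp_sso_url"] + "?" + urlencode({"SAMLRequest": encoded})


def make_sample_response(cfg, in_response_to, now, audience=None):
    """Constructed IdP -> SP Response as it would be POSTed to the ACS (unsigned sample)."""
    audience = audience or cfg["entity_id"]
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_{secrets.token_hex(8)}" Version="2.0" IssueInstant="{_ts(now)}" '
           f'Destination="{cfg["acs_url"]}" InResponseTo="{in_response_to}">'
           f'<saml:Issuer>{cfg["idp_entity_id"]}</saml:Issuer>'
           f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
           f'<saml:Assertion ID="_{secrets.token_hex(8)}" Version="2.0" IssueInstant="{_ts(now)}">'
           f'<saml:Issuer>{cfg["idp_entity_id"]}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
           f'<saml:Conditions NotBefore="{_ts(now - timedelta(minutes=1))}" '
           f'NotOnOrAfter="{_ts(now + timedelta(minutes=5))}">'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


class SamlValidationError(Exception):
    pass


def validate_response(cfg, response_b64, pending_ids, now, skew=timedelta(minutes=3)):
    """SP side: checks that must follow signature verification. Returns the NameID.
    Parse untrusted XML with defusedxml in production; ElementTree keeps this stdlib-only."""
    def fail(msg):
        raise SamlValidationError(msg)
    root = ET.fromstring(base64.b64decode(response_b64))
    if root.tag != f'{{{NS["samlp"]}}}Response':
        fail("not a samlp:Response")
    if root.get("Destination") != cfg["acs_url"]:
        fail("Destination is not this SP's ACS")
    if root.get("InResponseTo") not in pending_ids:
        fail("InResponseTo matches no pending request (unsolicited or replayed)")
    pending_ids.discard(root.get("InResponseTo"))  # each request ID is consumed once
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        fail("IdP did not report Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        fail("expected exactly one Assertion")
    a = assertions[0]
    for node in (root, a):  # both the Response and the Assertion name the IdP
        if node.findtext("saml:Issuer", namespaces=NS) != cfg["idp_entity_id"]:
            fail("Issuer is not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        fail("Assertion has no Conditions")
    if cond.get("NotBefore") and now + skew < _parse_ts(cond.get("NotBefore")):
        fail("Assertion not yet valid")
    if cond.get("NotOnOrAfter") and now - skew >= _parse_ts(cond.get("NotOnOrAfter")):
        fail("Assertion expired")
    if cfg["entity_id"] not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        fail("Assertion was issued for a different SP")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return name_id or fail("Assertion has no NameID")


def run_exchange():
    """Full round trip at a fixed time, plus a replay and a wrong-audience response."""
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    request_id, _url = build_authn_request(SP_CONFIG, now)
    pending = {request_id}
    name_id = validate_response(SP_CONFIG, make_sample_response(SP_CONFIG, request_id, now), pending, now)
    rejected = {}
    for label, resp in (("replay", make_sample_response(SP_CONFIG, request_id, now)),
                        ("wrong_audience", make_sample_response(SP_CONFIG, request_id, now,
                                                                audience="https://other.example.net/"))):
        try:
            validate_response(SP_CONFIG, resp, {request_id} if label != "replay" else pending, now)
            rejected[label] = False
        except SamlValidationError:
            rejected[label] = True
    return {"name_id": name_id, **rejected}
```

`run_exchange()` returns the NameID from the valid round trip and confirms that a replayed response (its request ID already consumed) and a response issued for a different SP are both rejected. The InResponseTo, Destination, Issuer, Audience and time-window checks are exactly the configuration the two parties keep about each other being enforced; none of them means anything until the signature check has established that the IdP really produced the message.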