Last Updated: May 25, 2026
SAML is an XML-based federation protocol used for enterprise single sign-on between an Identity Provider (IdP) and a Service Provider (SP).
The core contract is simple: the IdP authenticates the user and sends a signed assertion; the SP validates that assertion, maps the identity, and creates its own local session. SAML is older than OpenID Connect, but it remains common in enterprise SaaS and internal application portfolios.
This chapter covers how SAML login works and what a service provider must validate before trusting it.
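The SP-side half of that contract, as an added example that is not part of the original chapter: a Python function that takes a SAML 2.0 Response the SP has already signature-checked with an XML-Signature library (the `signature_ok` flag stands in for that library result; the function refuses anything unsigned) and then applies the remaining checks an SP owes before it maps the identity and opens a session: success status, trusted issuer, exactly one assertion, validity window with clock skew, audience, bearer subject confirmation with the correct recipient and `InResponseTo`, and only then extraction of the NameID and attributes. The entity IDs, ACS URL, request ID and the sample response are constructed for the example.

```python
"""SP-side validation of a SAML 2.0 Response after signature verification.
Constructed example; entity IDs, URLs and the sample XML are made up."""
import xml.etree.ElementTree as ET  # use defusedxml in production for untrusted XML
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


@dataclass
class SPExpectations:
    issuer: str                 # entityID of the one IdP this SP trusts
    audience: str               # this SP's own entityID
    acs_url: str                # URL at which the Response was actually received
    request_id: Optional[str]   # ID of the AuthnRequest we issued; None if IdP-initiated
    clock_skew: timedelta = timedelta(minutes=2)


def _parse_time(value: str) -> datetime:
    # SAML timestamps are xs:dateTime in UTC, e.g. 2026-05-25T10:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_text: str, exp: SPExpectations, signature_ok: bool, now: datetime) -> dict:
    """Return the mapped identity, or raise ValueError on any failed check.
    signature_ok is the result of XML-Signature verification against the IdP's
    pinned certificate, done by a library before this function is called."""
    if not signature_ok:
        raise ValueError("assertion signature not verified")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP reported a non-success status")
    # Destination, when present, must be the endpoint we received this on.
    if root.get("Destination") not in (None, exp.acs_url):
        raise ValueError("Destination does not match this ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    for issuer in (root.find("saml:Issuer", NS), a.find("saml:Issuer", NS)):
        if issuer is None or (issuer.text or "").strip() != exp.issuer:
            raise ValueError("issuer is not the trusted IdP")
    # Validity window: tolerate small skew in either direction.
    earliest_ok, latest_ok = now + exp.clock_skew, now - exp.clock_skew
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if cond.get("NotBefore") and _parse_time(cond.get("NotBefore")) > earliest_ok:
        raise ValueError("assertion not yet valid")
    if cond.get("NotOnOrAfter") and _parse_time(cond.get("NotOnOrAfter")) <= latest_ok:
        raise ValueError("assertion expired")
    audiences = [(x.text or "").strip() for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if exp.audience not in audiences:
        raise ValueError("assertion was issued for a different audience")
    # Bearer confirmation ties the assertion to this ACS URL and to our request.
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    if sc is None or sc.get("Method") != BEARER:
        raise ValueError("missing bearer SubjectConfirmation")
    scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != exp.acs_url:
        raise ValueError("SubjectConfirmationData Recipient mismatch")
    if scd.get("NotOnOrAfter") is None or _parse_time(scd.get("NotOnOrAfter")) <= latest_ok:
        raise ValueError("bearer confirmation expired or unbounded")
    if exp.request_id is not None and scd.get("InResponseTo") != exp.request_id:
        raise ValueError("InResponseTo does not match our AuthnRequest")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("missing NameID")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id": name_id.text.strip(), "attributes": attrs}


# Constructed sample Response (signature element omitted; see signature_ok above).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
  IssueInstant="2026-05-25T10:00:00Z" Destination="https://sp.example.com/saml/acs" InResponseTo="_req1">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2026-05-25T10:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2026-05-25T10:05:00Z"
          Recipient="https://sp.example.com/saml/acs" InResponseTo="_req1"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2026-05-25T09:59:00Z" NotOnOrAfter="2026-05-25T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>admins</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

SAMPLE_EXP = SPExpectations(issuer="https://idp.example.com/metadata",
                            audience="https://sp.example.com/metadata",
                            acs_url="https://sp.example.com/saml/acs", request_id="_req1")
SAMPLE_NOW = datetime(2026, 5, 25, 10, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, SAMPLE_EXP, signature_ok=True, now=SAMPLE_NOW))
```

The order matters: the signature check comes first so that nothing below it ever runs on attacker-controlled XML that the IdP did not sign, and the `InResponseTo` and `NotOnOrAfter` checks are what keep a captured assertion from being replayed to this SP later or delivered to a different SP. In a real SP the `request_id` would be looked up from the pending AuthnRequest store and consumed on success.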