SAML | Miles' Blog

SAML（Security Assertion Markup Language）是一個 base on XML 的框架，同時也是一種協定。

Terms

Roles

User Agent
Service Provider
Identity Provider
Session Participant (類似 Service Provider)

@startuml
UserAgent -> ServiceProvider: (1) Access resource
ServiceProvider -> UserAgent: (2) Redirect with AuthnRequest to IdP's SSO service
IdentityProvider -> UserAgent: (3) Challenge for credentials
UserAgent -> IdentityProvider: (4) User Login
IdentityProvider -> UserAgent: (5) Signed <Response> in HTML form
UserAgent -> ServiceProvider: (6) POST signed <Response> (AssertionConsumerServiceURL)
ServiceProvider -> UserAgent: (7) Forward to resource page
@enduml

Logout

@startuml
SessionParticipant -> IdentityProvider: (1) <LogoutRequest>
IdentityProvider -> AnotherSessionParticipant: (2) <LogoutRequest>
AnotherSessionParticipant -> IdentityProvider: (3) <LogoutResponse>
IdentityProvider -> SessionParticipant: (4) <LogoutResponse>
@enduml

Issuer: 組織單位 (Required)

AssertionConsumerServiceURL: 轉向的網頁

包裝資訊的方法

inflate
base64 encode
urlencode

相反地，解開的方法

urldecode
base64 decode
deflate

References

Technical Overview