Standards


Back to Resources

SAML 2.0


Security Assertion Markup Language 2.0 (SAML 2.0) is the most current version of the SAML OASIS standard for exchanging authentication and authorization data between security domains, or widely referred to as single sign-on.

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is an identity provider, and a web service, that is a service provider.

SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO).

SAML 2.0 was ratified as an OASIS Standard in March 2005, replacing SAML 1.1. The critical aspects of SAML 2.0 are covered in detail in the official documents SAMLConform, SAMLCore, SAMLBind, and SAMLProf.

Some 30 individuals from more than two dozen companies and organizations were involved with the creation of SAML 2.0. In particular, and of special note, Liberty Alliance donated its Identity Federation Framework (ID-FF) specification to OASIS, which became the basis of the SAML 2.0 specification.

Thus SAML 2.0 represents the convergence of SAML 1.1, Liberty ID-FF 1.2, and Shibboleth 1.3.

For more information, check out our article: how SAML works.

Get News and Product Updates