Example SAML Use Cases
We'll look at four primary SAML use cases: two for web browsers and two that use SOAP. The first, called the pull profile
, shows how SAML can be used to create a single sign-on between two web sites. The pull profile uses SAML artifacts (in essence, tokens) that are passed from one site to another using a URL query string. The site making the assertion (the source site) creates a link to the destination site containing the artifact in the URL, and when the user clicks on it, the destination site receives the artifact as part of the HTTP GET
request. The artifact is a key that the second site can then use to pull the actual assertion from the source site.
The pull profile is illustrated in Figure 11-2. In the example,
Mary visits http://Airline.com and purchases airline tickets. During her interactions with http://Airline.com, she has logged in and has been authenticated.
At the point of purchase, http://Airline.com recommends that Mary rent a car from http://RentalCar.com and provides a link containing an embedded SAML artifact.
When Mary clicks on the link, the artifact is transferred to http://RentalCar.com.
http://RentalCar.com makes a SAML request using the artifact.
http://RentalCar.com receives an authentication assertion in return, allowing Mary to use the services on http://RentalCar.com without signing onto http://RentalCar.com directly.
Figure 11-2. Browser ...
Get Digital Identity now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.