


The identity provider is responsible for authenticating end users, managing their account, and issuing SAML assertions about them. The identity provider can then make assertions to the service provider, for example, to attest that the end user has authenticated with the identity provider, the level of authentication they have performed, and their attributes, such as pieces of information from the user's profile.

The service provider is the provider of the service or application that the end user is trying to access. The service provider has a trust relationship with the identity provider, which enables the SP to rely on the assertions it receives from the IDP.

A circle of trust is an AM concept that groups at least one identity provider and at least one service provider that agree to share authentication information.

Providers in SAML v2.0 share metadata, which represents the configuration of the provider, as well as the mechanisms it can use to communicate with other providers. For example, the metadata may contain the certificates necessary for signature verification, as well as which of the SAML v2.0 bindings are supported. Sharing metadata greatly simplifies the creation of SAML v2.0 providers in a circle of trust. AM can import the XML-formatted metadata provided by other providers, which are referred to as remote providers. You can also export the metadata from providers created in an AM instance, referred to as hosted providers. For more information about metadata, see Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 in the SAML V2.0 Standard.

When configuring AM to provide single sign-on using SAML v2.0, you can map accounts at the identity provider to accounts at the service provider, including mapping to an anonymous user.
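As an added example (not code from the AM documentation or product), the following parses the metadata a service provider would import from a remote identity provider and pulls out the values the trust relationship rests on: the entityID, the signing certificates used to verify assertion signatures, and the single sign-on endpoints with their bindings. The sample metadata, entityID, certificate value and URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {  # namespaces used by SAML v2.0 metadata and XML Signature
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata for a remote identity provider (placeholder values, not a real IDP).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/am">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER-CERT...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract what an SP needs from IDP metadata: entityID, signing certs, SSO bindings."""
    root = ET.fromstring(xml_text)  # treat remote metadata as untrusted input
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML v2.0 EntityDescriptor")
    role = root.find("md:IDPSSODescriptor", NS)
    if role is None:
        raise ValueError("metadata does not describe an identity provider")
    certs = []
    for kd in role.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to both signing and encryption.
        if kd.get("use", "signing") == "signing":
            certs += ["".join(c.text.split()) for c in kd.findall(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate: assertions from this IDP cannot be verified")
    endpoints = {}
    for sso in role.findall("md:SingleSignOnService", NS):
        binding = sso.get("Binding", "")
        if binding.startswith(BINDING_PREFIX):  # keep only the short binding name
            binding = binding[len(BINDING_PREFIX):]
        endpoints[binding] = sso.get("Location")
    return {"entity_id": root.get("entityID"),
            "wants_signed_requests": role.get("WantAuthnRequestsSigned") == "true",
            "signing_certs": certs, "sso_endpoints": endpoints}
```

Metadata without a signing certificate is rejected, since an SP has no key against which to verify the assertions it would receive.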
