SAML 2.0: Technical Overview

Published on 12/12/2019
This video will explain the basics of the SAML protocol, focusing on what an IT administrator tasked with setting up federation must know.
VMware End-User Computing (EUC) solutions empower the digital workspace by simplifying app & access management, unifying endpoint management & transforming Windows delivery. Learn more on the Digital Workspace Tech Zone: techzone.vmware.com.

Comments

  • excellent!

  • Very nice video, easy to understand.

  • This is the greatest explanation I have seen so far. I got to know a few new things after seeing this even though I was familiar with SAML before. Thank you very much. I just want to see how you explain the differences between SAML 1.1 & 2.0. If possible please add that one also. Thanks.

  • I was able to understand everything up to 11 min but after that I was lost. Would have been better if you had mentioned how you did the setup.

  • 👍👍👍

  • awesome!!

  • Clearest explanation I've seen. Thanks!

  • I agree with other users, great and clear explanation

  • That was excellent. Thanks for your help!

  • Very well explained .. Thank you so much

  • Lastname: NOOB me: -_-

  • Brilliant explanation!!! TYVM

  • Thank you Sir. Excellent explanation of the SAML protocol. This is one best training video on SAML. Great job. Thanks!!!

  • Excellent explanation. I spent time understanding this at different places but today it made all clear. Keep it up!!

  • Great and clean explanation

  • Great video, congratulations

  • One of the best videos on SAML I have seen so far. I was literally looking for a clear explanation. It cannot get any clearer than this. Good Job !!!!! +1

  • How good is this video. I spent 2 hours surfing through various articles but this video consolidates the entire SAML protocol into one well-defined video. Thanks, Peter

  • 5:44 In the case of an IdP-initiated flow, how can a browser (user) get the assertion from the IdP and send it to the SP later? I think the SP always needs to redirect to the IdP no matter where the authentication was initiated.

    • @VMware End-User Computing Makes sense. Thank you!

    • Hi.. No, that is not accurate. SAML does support a pure IdP-initiated flow. But this often requires the IdP to also have an application catalog so the users can click on an icon to launch the app (SP). There are some variations often referred to as pseudo SP-init and pseudo IdP-init where the flow is more like how you described.

  • Great video! Just a question: for trust to be established between the Identity Provider and Service Provider, is there an initial setup or handshake between those two entities to verify that it's working? And would failures in trust be known only at runtime?

    • Some SPs offer a test mechanism, e.g. SFDC. But in general, once you have established trust (often the metadata exchange) you have to test it manually.

  • very well explained

  • Excellent video explaining fundamentals of SAML flow.

  • In any arbitrary coding language, how would I go about sending an AuthnRequest from the SP to the IdP and getting the SAMLResponse back? And then how would I parse the SAMLResponse from the HTML form it is sent in? Any clue, guys?

  • Peter Bjork, I presume. This is by far the best SAML video I have ever seen. Thanks a lot, very clarifying and useful. If you happen to have your own channel or more videos, please tell

    • Many thanks, glad you liked it.. techzone.vmware.com is where I publish everything that I do.. I hope to get the time to create more technology/standards generic video.

  • A most excellent primer on SAML. Thank you very much!

  • Best so far, Great Job

  • thanks for the good explanation. i would like to know more about the signature and certificate exchange. Can anybody recommend a source ?

  • I just got done with your IAM Technical video. Thanks for putting this up! Saved me a ton of time.

  • Thank you! nicely explained.

  • Is this correct? My understanding of SAML was that there is no communication between the IdP and SP and that SAML assertions are issued to the user. You seem to keep referring to some form of communication between the IdP and SP.

    • There is communication between SP and the IdP when using the SAML Artifact flow.. I explained both flows..

  • nice :)

  • again, perfect, awesome explanation

  • We have already included a unique identifier in the SAML artifact, so why do we have to include the Issuer ID in the SAML assertion?

    • The UID is the user's details and the issuer ID is the sender's details.

  • Thank you !

  • Awesome explanation. Does the example you show include both Authentication and Authorization? Or do we need additional configuration specific to Authorization? Thank you.

    • SAML can be used for both and I would say you don't need to configure anything extra.

  • Good presentation. What kind of software are you using to make this awesome video -- :)

    • Best is for you to search the Internet for it.. There are plenty of animation software you can use..

  • How is a SAML assertion signed?

    • It is done with the help of the private key of the sender. Therefore it can be validated with the use of the public key of the sender. Standard certificate stuff.

  • It's what I was looking for. Thanks very much

  • Very clear explanation, thank you!

  • This is a great video. Very concise and simple explanations. Would recommend checking out WorkOS ( workos.com/ ) to get SAML authentication integrated for free.

  • Really great video about SAML2.0, good job

  • That's REALLY nice video on SAML, IDP, SP, SSO

  • SAML Tracer demo was awesome.

  • Excellent overview, thanks.

  • Fantastic explanation! very thorough and clear.

  • This is by far the best explanation I saw from this process!!! Very good Job here! Thank you so much!

  • Thanks for explaining in details. Very informative.

  • Thank you for the detail clarification about IDP, SP and SAML

  • Simplest explanation I ever seen on SSO, IDP, SP SAML. Thanks for the Video

  • What an excellent video. Well done!

  • Trust me this is the great video to start SAML..cheers

  • Great explanation

  • What a great video. Just had the right level of information I was looking for. Thanks!

  • Excellent content and presentation. Would you mind sharing what software you used to simulate writing on the white board?

    • Thanks.. Just Google for it. There are plenty and I wouldn't say no one is better than the other.

  • Very well explained... the SAML concept is clear now... many things are done in the background... such as authentication and authorization and many more... between the IdP and SP.

  • Thanks a lot for sharing this video. It strikes the right balance between the technicalities and the big picture needed to introduce someone to SAML 2.0. Most of the resources I found before were either too technical such as the specification itself or were focused on configuring a specific product without explaining the underlying concepts. If I would recommend a resource for a beginner, it would definitely be this video.

  • Very clearly and easily explained , Thanks very Much 👍🏼

  • Great video, easy to understand. The client wants to integrate SSO with auth0. The requirement is: if a user is logged in to asdf.com and wants to log in to asdf.qwert.com then there should be seamless login. I am looking forward with SAML. How can I do this? Please help.

    • Thanks, happy you liked it.. How exactly you go about doing it depends on what products you have. Are you using VMware's Workspace ONE Access? If not, I'm afraid I cannot give you any detailed guidelines.

  • Well explained.

  • Awesome video. Very succinct.

  • Nice explanation and very informative, thanks Peter.

  • very good presentation. short and sweet :)

  • Super cool explanation! Thanks!!

  • Thank you! Really great explanation!

  • Is it fair to say that artifact binding is akin to the OAuth code flow (code for token exchange)? Pass the artifact on the front channel while the assertion is passed on the back channel?

    • Hi, not sure I would say they are similar. OAuth has a completely different use-case.. With a SAML artifact it is the application backend (SP) retrieving the artifact. In OAuth it is the client. Then the client sends the OAuth token to the backend for access..

  • Wow, such a great and explanatory video which also includes technical details - loved it! A question - how does the digest value / signature of the IdP work and how can you know that it has not been tampered with? Basically, is it mandatory to encrypt SAML assertion messages by both IdP and SP or is it just enough that they are signed?

    • Hi, glad you liked the video.. I am not an expert on the signing method but assume it is something like generating a hash of the message and then encrypting it with the private key.. Pretty much like email signing. Then the receiving end decrypts it using the public key and compares it with its own hash. If they match no one has tampered with the message.. If anyone else knows more details please feel free to comment. Encryption of the whole message is not super common. Typically many are fine with the signing. But if you are extra cautious I guess encryption would solve that for you.

  • Wondering how is SAML used for authorization?

    • Well, SAML can include any attributes of the user. So that means you can include authorization information that way.. You can also claim that the portion of the assertion stating whether the user successfully authenticated and may use a certain resource or not is also an authorization type.

  • Great presentation. Easy to know the flow of SAML. Thank you very much.

  • Nice and informative video 👍

  • Thanks for the video. Now I know what's SAML. :D

  • The explanation and video are very clear, easy to visualize and understand. It covered most of the important topics and is exhaustive. Thank you so much, helped a lot.

  • Hi, good explanation. How were the digest value and signature prepared?

  • With SAML 2.0 you can use Active Directory or LDAP to handle authorization, so you can simply integrate with an IAM governance tool (SailPoint) to handle end user access and the leaver/transfer process.

    • On-premises Active Directory is a user store and can handle AuthZ for Windows networks but is not based on SAML. The AD is often the source of your identities and feeds your SAML solution with users and groups. SailPoint is an excellent Identity Management solution. But this video is about the standard SAML 2.0. It is not focusing on specific products or vendors.

  • Great video, even after all these years with VIDM I could pick up something new!

  • Excellent video. Thanks

  • Great content, lovely video editing as well, and voice over is nicely done too

  • Great explanation of the SAML protocol, thanks Peter

  • Hello Peter! Great job ... as usual.

  • Simply great video..

  • Hello Peter, it's totally clear and I would like to see more, especially regarding OAuth (how to check and configure...). Anyway, thank you so much for this amazing video... really appreciate it. Thanks once again & good luck with your business.

  • My customer wants SAML integration between Oracle Access Manager and the Horizon 7 environment. We did the metadata transfer but it didn't work properly. Connection Servers are behind the UAG, in which case should SAML integration be made on the connection server? Or on the UAG? Or both? How can I do this integration?

    • Thank you so much for this video.. it's very useful

    • Horizon requires the SAML Artifact flow and it is not a standard implementation. You must either use Workspace ONE Access as a bridge or you can use the latest Unified Access Gateway 3.8. In 3.8 generic SAML support was added. Here's a post talking about how to set it up with Okta.. techzone.vmware.com/enabling-saml-20-authentication-horizon-unified-access-gateway-and-okta-vmware-horizon-operational. Hopefully that will help you.