Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. The most important use case SAML addresses is web browser single sign-on (SSO). The SAML specification defines three roles: a principal (for example, a user), an identity provider (IdP), and a service provider (SP). In a typical authentication flow, the principal requests a service from the SP. The SP requests and receives an identity assertion from the IdP. On the basis of this assertion, the service provider decides whether or not to grant access to the resource.
Before delivering an identity assertion to the SP, the IdP may request some information from the principal, such as a username and password, an authentication token, two-factor authentication, or other authentication data. (SAML does not specify a required method of authentication at the identity provider.) SAML specifies the assertions exchanged between the three parties, particularly the messages asserting identity that are passed from the IdP to the SP. In SAML, one identity provider may provide SAML assertions to many service providers. Similarly, one SP may rely on and trust assertions from many independent IdPs.
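As an added example that is not part of the original article, the following Python code sketches the service provider's side of the flow described above: given an assertion received from an IdP, it checks that the issuer is one of the IdPs this SP trusts (an SP may trust several), that the assertion was issued for this SP rather than some other one (the audience restriction), and that it is within its validity window, and only then extracts the subject the SP should treat as authenticated. The entity IDs and the sample assertion are constructed for the example; verification of the assertion's XML signature is assumed to have been done beforehand by an XML-DSig library and is not shown.

```python
# Added example: minimal SP-side checks on a SAML 2.0 assertion.
# Assumes the assertion's XML signature has ALREADY been verified by an
# XML-DSig library; this code only validates the assertion's contents.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # prefer defusedxml in production to limit XML entity attacks

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # SAML 2.0 assertion namespace
NS = {"saml": SAML_NS}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Hypothetical identifiers for the example (assumptions, not from the article).
SP_ENTITY_ID = "https://sp.example.com/metadata"
TRUSTED_IDPS = {"https://idp-a.example.org/saml", "https://idp-b.example.net/saml"}


def build_assertion(issuer, audience, subject, not_before, not_on_or_after):
    """Constructed sample assertion (unsigned) standing in for what an IdP would send."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_a1" Version="2.0" '
        f'IssueInstant="{not_before.strftime(TIME_FMT)}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before.strftime(TIME_FMT)}" '
        f'NotOnOrAfter="{not_on_or_after.strftime(TIME_FMT)}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions>"
        f"</saml:Assertion>"
    )


def _parse_time(value):
    """Parse a SAML UTC timestamp; returns None if absent or malformed."""
    if value is None:
        return None
    try:
        return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def validate_assertion(xml_text, now, sp_entity_id=SP_ENTITY_ID,
                       trusted_idps=TRUSTED_IDPS, skew=timedelta(seconds=0)):
    """Return (True, subject) if the SP should accept the assertion, else (False, reason)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return False, "not a SAML 2.0 Assertion"
    # The issuer must be one of the IdPs this SP has chosen to trust.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_idps:
        return False, f"untrusted issuer: {issuer}"
    conditions = root.find("saml:Conditions", namespaces=NS)
    if conditions is None:
        return False, "missing Conditions"
    # Validity window: reject if missing/malformed, or if 'now' is outside it (allowing for skew).
    not_before = _parse_time(conditions.get("NotBefore"))
    not_on_or_after = _parse_time(conditions.get("NotOnOrAfter"))
    if not_before is None or not_on_or_after is None:
        return False, "missing or malformed validity window"
    if now < not_before - skew or now >= not_on_or_after + skew:
        return False, "assertion outside validity window"
    # The audience must name this SP, so an assertion issued for another SP cannot be replayed here.
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, "audience does not include this SP"
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        return False, "missing Subject/NameID"
    return True, subject


def example_cases(now=None):
    """Constructed cases exercising each check; returns {case name: (ok, detail)}."""
    now = now or datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    nb, noa = now - timedelta(minutes=1), now + timedelta(minutes=5)
    idp = "https://idp-a.example.org/saml"
    user = "alice@example.com"
    return {
        "valid": validate_assertion(build_assertion(idp, SP_ENTITY_ID, user, nb, noa), now),
        "untrusted_issuer": validate_assertion(
            build_assertion("https://rogue-idp.example/saml", SP_ENTITY_ID, user, nb, noa), now),
        "expired": validate_assertion(
            build_assertion(idp, SP_ENTITY_ID, user, nb - timedelta(hours=2), noa - timedelta(hours=2)), now),
        "wrong_audience": validate_assertion(
            build_assertion(idp, "https://other-sp.example/metadata", user, nb, noa), now),
    }


if __name__ == "__main__":
    for name, result in example_cases().items():
        print(f"{name}: {result}")
```

Every check fails closed: the SP extracts a subject only after issuer, validity window and audience have all passed, which is the order in which a real SP should reason about an assertion regardless of which library produced it. The `skew` parameter exists because IdP and SP clocks are rarely perfectly aligned; keep it to a few seconds, since widening it extends the replay window.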