SAML IDP Profile
A SAML IDP Profile fulfills the role of a SAML Identity Provider (IDP) by responding to authentication requests from SAML Service Providers and issuing SAML assertions that establish user identities.
Introduction to the SAML IDP Profile
The SAML IDP profile and the OAuth profile both enable federated authentication, but they use different protocols and flows. The SAML IDP profile’s features are based on the SAML 2.0 Web Browser SSO Profile specification, where the Identity Provider issues SAML assertions to Service Providers. In contrast, the OAuth profile uses the OAuth 2.0 and OpenID Connect protocols, where an OpenID Provider issues ID-tokens to clients.
SAML is XML-based and primarily used for enterprise SSO, while OAuth is JSON-based and widely used for API authorization and modern web and mobile applications. For more details, see the OAuth profile introduction.
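To make the Web Browser SSO exchange described above concrete, the following added example (not code from the original page or from the Curity Identity Server) models both sides with Python's standard library: the Service Provider builds an AuthnRequest, the Identity Provider answers it with a Response carrying an Assertion, and the Service Provider then performs the checks the profile requires before trusting the NameID (status, issuer, Destination, InResponseTo, validity window, AudienceRestriction, SubjectConfirmationData, and assertion replay). All entity IDs, URLs and the subject name are constructed placeholders. XML signature verification is deliberately left out because it needs a library outside the standard library; a real Service Provider must verify the IDP's signature before running any of these checks.

```python
from datetime import datetime, timedelta, timezone
import secrets
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAMLP, SAML = NS["samlp"], NS["saml"]
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed identifiers for the two parties (assumptions, not real endpoints).
SP_ENTITY_ID = "https://sp.example.com/metadata"
IDP_ENTITY_ID = "https://idp.example.com/saml"
ACS_URL = "https://sp.example.com/acs"
CLOCK_SKEW = timedelta(seconds=60)
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def iso(ts):
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_iso(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_authn_request(now, request_id):
    """SP side: the AuthnRequest the browser carries to the IDP."""
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": iso(now),
        "AssertionConsumerServiceURL": ACS_URL})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(root, encoding="unicode")


def build_response(authn_request_xml, name_id, now, audience=SP_ENTITY_ID,
                   lifetime=timedelta(minutes=5)):
    """IDP side: issue a Response whose Assertion identifies name_id (unsigned here)."""
    req = ET.fromstring(authn_request_xml)
    acs = req.get("AssertionConsumerServiceURL")
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": iso(now),
        "InResponseTo": req.get("ID"), "Destination": acs})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": SUCCESS})
    a = ET.SubElement(resp, f"{{{SAML}}}Assertion", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": iso(now)})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = name_id
    conf = ET.SubElement(subj, f"{{{SAML}}}SubjectConfirmation",
                         {"Method": "urn:oasis:names:tc:SAML:2.0:cm:bearer"})
    ET.SubElement(conf, f"{{{SAML}}}SubjectConfirmationData", {
        "InResponseTo": req.get("ID"), "Recipient": acs, "NotOnOrAfter": iso(now + lifetime)})
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions",
                         {"NotBefore": iso(now), "NotOnOrAfter": iso(now + lifetime)})
    ar = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(ar, f"{{{SAML}}}Audience").text = audience
    return ET.tostring(resp, encoding="unicode")


def validate_response(response_xml, outstanding_request_ids, seen_assertion_ids, now):
    """SP side: returns (name_id, None) on success or (None, reason) on failure.
    Signature verification is omitted here; a real SP must verify the IDP's XML
    signature (for example with an xmlsec binding) before trusting any field."""
    resp = ET.fromstring(response_xml)
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return None, "status not Success"
    if resp.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        return None, "unexpected response issuer"
    if resp.get("Destination") != ACS_URL:
        return None, "response not addressed to our ACS"
    if resp.get("InResponseTo") not in outstanding_request_ids:
        return None, "unsolicited or replayed InResponseTo"
    a = resp.find("saml:Assertion", NS)
    if a is None:
        return None, "no assertion"
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        return None, "unexpected assertion issuer"
    if a.get("ID") in seen_assertion_ids:
        return None, "assertion replayed"
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (parse_iso(cond.get("NotBefore")) - CLOCK_SKEW <= now
                            < parse_iso(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
        return None, "assertion outside validity window"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return None, "assertion not issued for this SP"
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL \
            or scd.get("InResponseTo") != resp.get("InResponseTo"):
        return None, "subject confirmation mismatch"
    if now >= parse_iso(scd.get("NotOnOrAfter")) + CLOCK_SKEW:
        return None, "subject confirmation expired"
    outstanding_request_ids.discard(resp.get("InResponseTo"))  # one response per request
    seen_assertion_ids.add(a.get("ID"))                         # one use per assertion
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS), None


def demo():
    """Run a good exchange plus three failure modes; returns the outcomes by name."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    outstanding, seen, results = set(), set(), {}

    def fresh_request():
        rid = "_" + secrets.token_hex(16)
        outstanding.add(rid)
        return build_authn_request(now, rid)

    good = build_response(fresh_request(), "alice@example.com", now)
    results["ok"] = validate_response(good, outstanding, seen, now + timedelta(seconds=5))
    results["replay"] = validate_response(good, outstanding, seen, now + timedelta(seconds=6))
    other = build_response(fresh_request(), "alice@example.com", now,
                           audience="https://other-sp.example.com")
    results["audience"] = validate_response(other, outstanding, seen, now + timedelta(seconds=5))
    stale = build_response(fresh_request(), "alice@example.com", now - timedelta(hours=1))
    results["expired"] = validate_response(stale, outstanding, seen, now)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The validation order matters: cheap, structural checks (status, issuer, Destination, InResponseTo) run before the assertion is inspected, and the request ID and assertion ID are only consumed after every check has passed, so a rejected response cannot burn a legitimate outstanding request.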
SAML IDP Profile Concepts
The SAML specification is extensive; the key concepts relevant to the SAML IDP profile are covered in the following sections:
- Configuration: Create and configure a SAML IDP Profile.
- Attributes: Manage how assertions are issued and configure the attributes that are included in them.
- Service Providers: Create and manage Service Provider configurations.
Learn by Use Case
The SAML IDP profile plays a key role in identity modernization. You can use modern OAuth approaches like the Token Handler Pattern for newer web apps. You can often repoint existing SAML websites to the Curity Identity Server without code changes. Both old and new apps benefit from the modern authentication features that the Authentication Profile provides.
- The Migrating from Microsoft Active Directory Federation Services article provides a migration case study.
- The Integrate a SAML Website tutorial provides an example configuration.
- The SAML 2.0 Website provides an example deployment that uses customized user attributes.