article SAML-Based SSO Authentication Idea in General Articles https://live.paloaltonetworks.com/t5/general-articles/saml-based-sso-authentication-idea/ta-p/541599 <DIV class="lia-message-template-content-zone"> <P><SPAN>As a SAML-based, single sign-on (SSO) login summary with most of SAML components in the picture below, I want to point out some important things that need to be done to make SAML work:</SPAN></P> <P>&nbsp;</P> <OL> <LI><SPAN>SAML is XML-based protocol used for exchanging authentication and authorization data between different parties, so we'll need the user's browser to handle that</SPAN></LI> <LI><SPAN>Any authentication needs a database to validate the users against&nbsp;it. You can store or create users in Identity Provider (IDP) as user's database, but most of the time you'll need to integrate IDP with Active Directory or Azure Active Directory</SPAN></LI> <LI><SPAN>Identity Provider (IDP) and Service Provider (SP) don't talk to each other during SAML user verification. To make SAML work, you need to connect&nbsp;IDP with SP ahead of time. IDP and SP need to exchange metadata&nbsp;and get SSL certification for this integration to work. The SP and IDP must establish a trust relationship, which involves exchanging metadata that includes information about each other's endpoints, public keys, and other configuration details</SPAN></LI> </OL> <P>&nbsp;</P> <P><SPAN>SAML (Security Assertion Markup Language) protocol components and messages based to single sign-on (SSO):</SPAN></P> <P>&nbsp;</P> <OL> <LI><SPAN><STRONG>Identity Provider (IDP)</STRONG>: The system responsible for authenticating users and issuing SAML assertions that contain information about the user's identity and attributes</SPAN></LI> <LI><SPAN><STRONG>Service Provider (SP)</STRONG>: The system that provides access to protected resources or applications and that relies on SAML assertions issued by the IDP to authenticate users</SPAN></LI> <LI><SPAN><STRONG>Assertion Consumer Service (ACS)</STRONG>: A web endpoint on the SP that receives and processes SAML responses from the IDP</SPAN></LI> <LI><SPAN><STRONG>SAML Request</STRONG>: A message sent by the SP to the IDP requesting authentication and authorization for a user</SPAN></LI> <LI><SPAN><STRONG>SAML Response</STRONG>: A message sent by the IDP to the SP containing a SAML assertion that authenticates the user and provides information about their identity and attributes</SPAN></LI> </OL> <P>&nbsp;</P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="SAML .png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/50071iCF736C8E422E39AA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="SAML .png" alt="SAML .png" /></span></SPAN></P> <P>&nbsp;</P> <BR /> <P>&nbsp;</P> </DIV> Fri, 12 May 2023 13:24:05 GMT DKh Al Obaidi 2023-05-12T13:24:05Z SAML-Based SSO Authentication Idea https://live.paloaltonetworks.com/t5/general-articles/saml-based-sso-authentication-idea/ta-p/541599 <P><SPAN>SAML-based, SSO login summary with most of SAML components in the picture below, I want to point out some important things that need to be done to make SAML work:</SPAN></P> Fri, 12 May 2023 13:24:05 GMT https://live.paloaltonetworks.com/t5/general-articles/saml-based-sso-authentication-idea/ta-p/541599 DKh Al Obaidi 2023-05-12T13:24:05Z Re: SAML-Based SSO Authentication Idea https://live.paloaltonetworks.com/t5/general-articles/saml-based-sso-authentication-idea/tac-p/577665#M702 <P>We are getting an internal server error response after integrating prismacloud with keycloak. What could be the reason for the internal server error response?&nbsp;</P> Mon, 19 Feb 2024 14:21:47 GMT https://live.paloaltonetworks.com/t5/general-articles/saml-based-sso-authentication-idea/tac-p/577665#M702 ONYI.A 2024-02-19T14:21:47Z