1.3 Understanding SAML 2.0

To understand and use the SAML 2.0 connectors Access Manager Appliance provides, you must have a very good understanding of SAML 2.0. SAML, developed by the Security Services Technical Committee of the Organization for the Advancement of Structured Information Standards (OASIS), is an XML-based framework for communicating user authentication, entitlement, and attribute information. For more information, see Security Assertion Markup Language (SAML) V2.0 Technical Overview.

SAML 2.0 creates a two-way agreement between two vendors asserting that the information provided is valid. It provides a standard framework for sharing this information, so you do not have to recreate the configuration for every vendor with which you want to share information.

To use the SAML 2.0 connectors provided for Access Manager Appliance, you must understand the basic concepts and components of SAML 2.0. SAML 2.0 defines each of the components using XML schema. You must be able to read and format documents in XML to use the connectors for SAML 2.0.

XML: SAML 2.0 is an XML-based framework. This means you must understand the XML format, structure, elements, and how it defines rules for encoding documents. For more information, see Introduction to XML on the www.w3schools.com website.

Assertion: SAML assertions define the syntax for creating XML-encoded assertions to describe authentication, attribute, and authorization information for an entity. The SAML 2.0 connectors help create the assertions for Access Manager Appliance and the federation applications.

Attributes: LDAP attributes passed between two entities. In this case, it is the LDAP attributes passed between Access Manager Appliance and the connected federation applications.

Metadata: Metadata defines how SAML 2.0 shares configuration information between two communicating entities. You must be able to access and share the Access Manager Appliance metadata information with the federated application. You must also be able to access and share the federated application metadata with Access Manager Appliance.

Protocols: SAML 2.0 supports the HTTP, HTTPS, and SOAP protocols. The SAML 2.0 connectors use HTTPS to establish a secure connection between Access Manager Appliance and the federated applications. To establish the secure HTTPS connection, you must obtain the certificate from the metadata of both Access Manager Appliance and the application. Each side then uses the other side's certificate to create the secure connection.
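The metadata and protocol items above describe what each side must extract from the other side's metadata before the federation works. The following Python is an added example, not code from the Access Manager Appliance documentation: it parses a constructed, minimal identity-provider metadata document (placeholder certificate, example.test host names) and reports what an administrator should verify before importing partner metadata: the entityID, the presence of a signing certificate, and whether every endpoint uses HTTPS.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 metadata documents.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata of the kind one federation partner hands to the other.
# The certificate body is a placeholder string, not a real certificate; one SSO endpoint
# is deliberately plain HTTP so the check below has something to flag.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER...SIGNING</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/sso"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idp.example.test/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def parse_metadata(xml_text):
    """Extract the entityID, signing certificates, and SSO endpoints from SAML 2.0 metadata."""
    # Metadata received from an untrusted source should be parsed with defusedxml instead.
    root = ET.fromstring(xml_text)
    certs = [c.text.strip() for c in root.findall(
        ".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)]
    endpoints = [(e.get("Binding"), e.get("Location"))
                 for e in root.findall(".//md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "signing_certs": certs, "sso": endpoints}

def check_metadata(info):
    """Return findings an administrator should resolve before importing the metadata."""
    findings = []
    if not info["signing_certs"]:
        findings.append("no signing certificate: assertion signatures cannot be verified")
    for binding, location in info["sso"]:
        if not location.startswith("https://"):
            findings.append(f"non-HTTPS endpoint for {binding.rsplit(':', 1)[-1]}: {location}")
    return findings
```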