Single Sign On with SAML 2.0

From Hornbill
Jump to navigation Jump to search

PRELIMINARY INFORMATION

The Hornbill platform supports single-sign-on and transparent auto provisioning of both user and guest accounts using SAML 2.0 providing enterprise-class user identity integration.

  • Multiple Identity Providers Supported
  • User Provisioning Templates
  • Digital Signature Validation
  • Public Key Verification
  • Assertion Value Attribute Mapping
  • Flexible NameID override

SAML Overview

Security Assertion Markup Language ('SAML, pronounced "sam-el") is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS (organization) Security Services Technical Committee. SAML dates from 2001; the most recent major update of SAML was published in 2005, but protocol enhancements have steadily been added through additional, optional standards.
Source: http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

The use of SAML allows external authentication of users and is often also used for SSO (Single Sign-on), which is a method of access control that enables a user to log in to their organisation one time but then have transparent authorisation to access resources of multiple software systems without being prompted to log in to each system separately. In the context of Hornbill, once configured, users may access their Hornbill instance pre-authenticated based on their enterprise desktop or browser login. As well as supporting single-sign-on but we also provide the ability to auto-provision authorised users on the Hornbill instance which removes a significant overhead in terms of system administration.

There are three key actors in any SAML implementation, these are the "user" trying to access the application, the "identity provider" which knows and had identified the user, and the "service provider" which provides the application and/or resources that the user wishes to access. Your Hornbill instance is a service provider, and typically your enterprise directory system, very often Microsoft Active Directory acts as the identity provider.

Retrieved from "https://wiki.hornbill.com/index.php?title=Single_Sign_On_with_SAML_2.0&oldid=2702"