Security Assertion Markup Language (SAML)

SAML 2.0 is an OASIS standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). It uses XML-based assertions to enable Single Sign-On (SSO) across domains, and it is commonly used in enterprise and education federation ecosystems.

Key Capabilities

  • Standardized federation: Defines profiles for Web Browser SSO, Single Logout, and Artifact Resolution across domains.

  • XML-based assertions: The core unit of SAML is the assertion, containing authentication, attribute, and authorization statements digitally signed by the IdP.

  • Bindings & protocols: Specifies HTTP Redirect, POST, Artifact, and SOAP bindings to transport assertions between IdP and SP.

  • Metadata interoperability: Each party publishes an XML metadata file listing its endpoints, certificates, and supported protocol bindings, enabling trust to be established between IdP and SP without manual exchange.

Limitations

  • XML complexity: Verbose XML schemas and digital signatures make SAML heavier and more difficult to implement securely than JSON-based OIDC.

  • Browser-centric design: Primarily supports web browser flows; poorly suited to native and mobile API clients, for which OAuth/OIDC are the better fit.

  • Token size: Assertions can be large, impacting header sizes and redirect limits.

  • Limited dynamic discovery: Unlike OIDC, SAML lacks a built-in discovery and dynamic registration model.

  • Protocol lifecycle: SAML 2.0 remains widely deployed but is considered feature-stable; newer ecosystems favor OIDC/OAuth 2.0 for modern app architectures.
