The Synopsys Software Integrity Group is now Black Duck®.

SAML Security

Course Description

This course provides an overview of the Security Assertion Markup Language (SAML). It explores the building blocks of SAML as applied to a single sign-on scenario. Throughout the course, we highlight the security responsibilities of the different stakeholders in a SAML flow. Finally, we put SAML into context with more modern technologies, such as OAuth 2.0 and OpenID Connect.

Learning Objectives

  • Assess whether SAML is the right solution to an IAM problem
  • Describe how SAML building blocks are used to build a protocol
  • Identify the role of a SAML identity provider and SAML service provider
  • List crucial security requirements for a secure SAML deployment

Details

Delivery Format: eLearning

Duration: 2 Hours

Level: Intermediate

Intended Audience:

  • Architects
  • Back-end Developers
  • Enterprise Developers

Prerequisites: 

Course Outline

Introduction

  • Different SAML Versions
  • SAML in a Modern Application Landscape
  • Course Outline

The Conceptual Idea Behind SAML

  • MEALSCORE: A SAML Scenario
  • Different Use Cases
  • The Responsibilities in a SAML Scenario

The Pros and Cons of SAML

  • What SAML Can Do
  • What SAML Cannot Do
  • SAML, OAuth 2.0, and OpenID Connect
  • Picking a SAML Implementation

Overview of SAML Building Blocks

  • SAML Building Blocks
  • SAML Assertions
  • SAML Protocols
  • SAML Bindings
  • SAML Profiles
  • The Role of XML

SAML Assertions

  • A Real-World SAML Assertion
  • Breaking Down a SAML Assertion
  • Validating the Signature
  • Verifying the Validity
  • Using a SAML Assertion

SAML Protocols, Bindings, and Profiles

  • Overview of SAML Protocols
  • The Authentication Request Protocol
  • Overview of SAML Bindings
  • The HTTP Redirect and HTTP POST Bindings
  • Overview of SAML Profiles
  • The Web Browser SSO Profile

SAML for Service Providers

  • Fitting SAML into the Application Architecture
  • A SAML Implementation Example
  • Handling Logout
  • Application-Specific Security Considerations
  • Supporting Multiple Identity Providers

SAML for Identity Providers

  • Handling User Authentication
  • Setting Up Delegation
  • Bridging SAML to Other Protocols

SAML Security Considerations

  • General Security Recommendations
  • Security Considerations for Service Providers
  • Security Considerations for Identity Providers

Conclusion

  • SAML in Modern Applications
  • OAuth 2.0, OpenID Connect, and SAML
